Averting man in the browser attack using user-specific personal images

Abstract

In the recent years, there has been a tremendous rise in online banking transactions. Some of the major factors contributing to this growth are - easy availability of higher bandwidth internet connections at low cost and ease of online transactions compared to the traditional banking methods. Also, this field has attracted the cybercriminals to take advantage of the loopholes in the process of online transaction. One of the most advanced threats today is the Man In The Browser (MitB) attack. MitB attack deploys a Trojan in the browser of the user and then steals the credentials of the user to initiate a transaction for transferring the money in a mule account. All this happens without any notice to bank or the user. MitB attack defeats the traditional two factor authentication currently used by the banks to authenticate the identity of the user performing the transaction. This paper presents a new framework for enhancing authentication during an online transaction to tackle the problem of MitB attack.