Phase 1

Abdirahman Ismail
BAS–490
Professor Calvin
10/20/2023
Introduction

Significant security concerns have been raised in the modern period due to the

widespread use of digital channels and our growing reliance on them. The dawn of the digital

age has brought with it an explosion of new ideas and connections, but it has also left us

vulnerable to cyberattacks. In particular, phishing assaults have spread like wildfire throughout

the cybercrime landscape. Phishing attacks, which deliberately mislead users in order to steal

their personal information, are a serious problem for online safety. They pose a significant risk of

monetary and public-image loss as well as privacy violations. These assaults highlight the need

for a more robust security solution by highlighting the weakness of existing single-factor

authentication techniques like usernames and passwords. Multi-Factor Authentication (MFA) has

been widely adopted by the cybersecurity industry as a more reliable security solution to this

problem (Gill & Jones, 2016). Since MFA requires numerous forms of verification before

allowing access, it serves as a strong deterrent against hacking attempts (Libicki, 2011). The

purpose of this study is to evaluate how well MFA protects users from the increasingly

sophisticated phishing assaults. This research project examines MFA methods, from hardware

tokens to biometrics, to determine their phishing prevention efficacy. MFA's efficacy in

combating phishing attacks is also explored via case studies (Cassidy & Manor, 2016). This

paper seeks to illuminate MFA's role in current cybersecurity and provide ways to improve MFA

systems to combat fraudsters' ever-changing strategies.

Statement of Purpose

This study's primary goal is critically assess how well multi-factor authentication works

to stop phishing assaults. Understanding how MFA improves security and its possible drawbacks

and weaknesses is crucial as cyber threats develop. This study will examine the various MFA

elements and kinds, such as hardware tokens and biometrics, and evaluate the individual and

combined effectiveness against phishing attacks. The study will also take into account actual

case studies and situations when MFA was put to the test against phishing assaults, learning from

both its triumphs and failures. By doing this, the study hopes to offer a thorough knowledge of

MFA's function in the current cybersecurity context. The study will also suggest improving MFA

systems to remain effective against fraudsters' ever-evolving strategies. With the help of this

investigation, the research hopes to add to the ongoing conversation about cybersecurity by

offering helpful information to technical specialists and the general public.

Literature Review

Phishing assaults are still a constant danger for e-service systems. This paper proposes a

multifactor authentication strategy designed to thwart phishing attempts in e-service platforms,

emphasizing the setting of Bangladesh. The difficulties of implementing cost-effective

authentication techniques while retaining a high level of security are highlighted by Zahid Hasan

et al. (2019). The suggested architecture intends to significantly lower the danger of phishing

attacks and increase user confidence in e-service systems by incorporating numerous verification

stages. In order to create multifactor authentication, three components were used: a user ID, a

protected image with a description, and a one-time password. The survey shows that the

suggested multifactor authentication approach outperforms the conventional two-factor

authentication model by 59% overall, including 64% points for non-technical users and 55% for
technical users. User satisfaction was attained since the model mirrored the user's outcomes and

suggestions.

The demand for more secure authentication techniques increases as the digital

environment changes. Ometov et al. (2018) go in-depth on the subject of multifactor

authentication, covering its many elements and the difficulties of putting them into practice. The

author explains how well MFA works against various cyber risks, including spoofing assaults. It

also clarifies the possible weaknesses of MFA and provides suggestions for improving it.

Phishing assaults still present severe risks to internet users. Zahid Hasan et al.'s (2019)

investigation of several defenses against phishing. The study highlights the possibility of

consumer education as a preventive approach in addition to technology solutions. Organizations

and individuals can be better prepared to defend themselves against phishing attacks by being

aware of the advantages and disadvantages of various solutions. According to the data, eight

different categories may be used to group together the anti-phishing techniques that are now

widely used online. Additionally, all of the therapies that have been suggested thus far are

preventative. Convolutional neural networks (CNN) and deep learning have opened up new

possibilities for authentication systems. Sajjad et al. (2019) present a unique MFA system that

uses CNN to combat spoofing. The suggested system is intended to be reliable and effective at

confirming users' identities, making it incredibly resistant to spoofing assaults. The study

demonstrates the potential of contemporary AI technology in strengthening cybersecurity

measures by using deep learning techniques.

Conventional authentication techniques are vulnerable to different security flaws, notably

text-based passwords. Carrillo-Torres et al. (2023) put out a novel MFA method that combines

picture recognition with user-established relationships. The distinctiveness of this strategy

resides in its two-factor authentication procedure, which requires users to first recognize specific

photos from a randomly chosen collection before concluding an authentication by establishing a

pre-configured link between two provided images. The study highlights the algorithm's precision

and usability, establishing it as a competitive alternative to more widely used MFA techniques.

An innovative solution that combines a mobile app with a camera is presented by Jindal

and Misra (2020) in their search for more secure authentication techniques. Due to the proposed

MFA method, users can authenticate without using tokens or conventional passwords. Instead,

users authenticate a webcam picture given to the smartphone via push notification after scanning

a QR code that was dynamically produced using a smartphone app. The study emphasizes how

automated the scheme requires and how little human participation it requires, pointing to its

potential as a safe and convenient authentication technique.

Financial transactions have changed due to mobile money applications, particularly in

areas with weak banking infrastructure. It is essential to guarantee the security of these

transactions. A multi-factor authentication technique tailored exclusively for mobile money

applications was suggested by Ali et al. in 2021. The technique combines a PIN, an OTP, and a

biometric fingerprint for improved security during mobile money authentication. The study

emphasizes the algorithm's effectiveness and security, highlighting its potential to protect

financial transactions in the digital era.

Conclusion

The quick development of the digital world has created both possibilities and difficulties.

Cyber dangers are becoming more sophisticated and frequent as we become more dependent on

internet platforms. Phishing attacks have become a significant worry among these dangers since
they may result in unauthorized access, possible data breaches, and considerable financial and

reputational harm. The inadequacy of conventional authentication techniques against these

sophisticated assaults makes it necessary to investigate and implement more vital security

solutions like multi-factor authentication (MFA). The examined literature emphasizes MFA's

role in enhancing online security, and numerous research studies have introduced cutting-edge

methods and algorithms to maximize its efficiency. The research environment is rife with

potential answers, from Elliptic Curve Cryptography to picture recognition and user-established

interactions. Researchers, technologists, and policymakers must keep up with the latest

advancements in cyber dangers to maintain our digital systems' security, reliability, and usability.

Reference:

Ali, G., Dida, M. A., & Elikana Sam, A. (2021, November 25). A Secure and Efficient Multi-
Factor Authentication Algorithm for Mobile Money Applications. Future Internet,
13(12), 299. https://doi.org/10.3390/fi13120299

Carrillo-Torres, D., Pérez-Díaz, J. A., Cantoral-Ceballos, J. A., & Vargas-Rosales, C. (2023,

January 20). A Novel Multi-Factor Authentication Algorithm Based on Image
Recognition and User Established Relations. Applied Sciences, 13(3), 1374.
https://doi.org/10.3390/app13031374

Ashibani, Y., & Mahmoud, Q. H. (2020). A Multi-Feature User Authentication Model Based on
Mobile App Interactions. IEEE Access, 8, 96322–96339.
https://doi.org/10.1109/access.2020.2996233

Ometov, A., Bezzateev, S., Mäkitalo, N., Andreev, S., Mikkonen, T., & Koucheryavy, Y. (2018,
January 5). Multi-Factor Authentication: A Survey. Cryptography, 2(1), 1.
https://doi.org/10.3390/cryptography2010001

Purkait, S. (2012, November 23). Phishing counter measures and their effectiveness – literature
review. Information Management & Computer Security, 20(5), 382–420.
https://doi.org/10.1108/09685221211286548

Sajjad, M., Khan, S., Hussain, T., Muhammad, K., Sangaiah, A. K., Castiglione, A., Esposito, C.,
& Baik, S. W. (2019, September). CNN-based anti-spoofing two-tier multi-factor
 authentication system. Pattern Recognition Letters, 126, 123–131.
https://doi.org/10.1016/j.patrec.2018.02.015

Sajjad, M., Khan, S., Hussain, T., Muhammad, K., Sangaiah, A. K., Castiglione, A., Esposito, C.,
& Baik, S. W. (2019, September). CNN-based anti-spoofing two-tier multi-factor
authentication system. Pattern Recognition Letters, 126, 123–131.
https://doi.org/10.1016/j.patrec.2018.02.015

Sun, J., Lenz, D., Yu, H., & Peterka, T. (2023, October 10). MFA-DVR: direct volume rendering
of MFA models. Journal of Visualization. https://doi.org/10.1007/s12650-023-00946-y

Gerholz, K. H., Ciolek, S., & Wagner, A. C. (2020, September 30). Digital design of design
processes – A case study of a design research study in vocational education. EDeR.
Educational Design Research, 4(1). https://doi.org/10.15460/eder.4.1.1452

Zhang, X., & Cai, W. (2018, October 6). BDS four frequency carrier phase combination models
and their characteristics. Survey Review, 52(371), 97–106.
https://doi.org/10.1080/00396265.2018.1527088

Hwang, S., Nam, T., & Ha, H. (2021, July 3). From evidence-based policy making to data-driven
administration: proposing the data vs. value framework. International Review of Public
Administration, 26(3), 291–307. https://doi.org/10.1080/12294659.2021.1974176

Gill, G., & Jones, J. (2016). MULTI-FACTOR AUTHENTICATION AT JAGGED PEAK.

Journal of Information Technology Education: Discussion Cases, 5, 05.
https://doi.org/10.28945/3597

Cassidy, J., & Manor, I. (2016, May 26). Crafting strategic MFA communication policies during
times of political crisis: a note to MFA policy makers. Global Affairs, 2(3), 331–343.
https://doi.org/10.1080/23340460.2016.1239377

Libicki, M. C. (2011, January 1). Influences on the Adoption of Multifactor Authentication.

RAND Corporation.