PERTAHANAN PENCEGAHAN SERANGAN SOCIAL ENGINEERING MENGGUNAKAN TWO FACTOR AUTHENTICATION (2FA) BERBASIS SMS (SHORT MESSAGE SYSTEM)

Slamet Slamet

Abstract


Advances in digital technology have made communication between humans faster and easier. On the other hand, a lot of personal information is available online through social media and services that do not have security measures in place to protect this information. Therefore, the communication system is very vulnerable and easily penetrated by intruder due to social engineering attacks. This attack aims to deceive individuals or companies by taking actions that benefit the attacker. The trick is to provide personal data such as PIN numbers, health records, and passwords. This attack phenomenon is one of the biggest challenges in maintaining the security of personal data because this attack model takes advantage of human nature which is easy to trust others. This paper provides an in-depth survey of high-success social engineering attacks, using a 2 Factor Authentication (2FA) model by examining user accounts, to detect and avoid attempted account fraud via SMS (Short Message System). Experimental results show that attack success can be reduced to 10% and aggressive intruders can be caught by 70% of users in forwarding user verification code.

Keywords


Social Engineering, Security, 2FA, SMS

Full Text:

PDF

References


Chetioui, K., Bah, B., Alami, A. O., & Bahnasse, A. (2022). Overview of Social Engineering Attacks on Social Networks. Procedia Computer Science, 198, 656-661.

Mashtalyar, N., Ntaganzwa, U. N., Santos, T., Hakak, S., & Ray, S. (2021, July). Social engineering attacks: Recent advances and challenges. In International Conference on Human-Computer Interaction (pp. 417-431). Springer, Cham.

Syafitri, W., Shukur, Z., Mokhtar, U. A., Sulaiman, R., & Ibrahim, M. A. (2022). Social Engineering Attacks Prevention: A Systematic Literature Review. IEEE Access.

Matyokurehwa, K., Rudhumbu, N., Gombiro, C., & Chipfumbuâ€Kangara, C. (2022). Enhanced social engineering framework mitigating against social engineering attacks in higher education. Security and Privacy, 5(5), e237.

Indarta, Y., Ranuhardja, F., Ashari, I. F., Sihotang, J. I., Simarmata, J., Harmayani, H., ... & Idris, M. (2022). Keamanan Siber: Tantangan di Era Revolusi Industri 4.0. Yayasan Kita Menulis.

Tirfe, D., & Anand, V. K. (2022). A survey on trends of two-factor authentication. In Contemporary Issues in Communication, Cloud and Big Data Analytics (pp. 285-296). Springer, Singapore.

Wang, Z., Zhu, H., & Sun, L. (2021). Social engineering in cybersecurity: Effect mechanisms, human vulnerabilities and attack methods. IEEE Access, 9, 11895-11910.

Tulkarm, P. (2021). A Survey of Social Engineering Attacks: Detection and Prevention Tools. Journal of Theoretical and Applied Information Technology, 99(18).

Hijji, M., & Alam, G. (2021). A multivocal literature review on growing social engineering based cyber-attacks/threats during the COVID-19 pandemic: challenges and prospective solutions. Ieee Access, 9, 7152-7169.

Yasin, A., Fatima, R., Liu, L., Wang, J., Ali, R., & Wei, Z. (2021). Understanding and deciphering of social engineering attack scenarios. Security and Privacy, 4(4), e161.

Subbalakshmi, C., Pareek, P. K., & Sayal, R. (2022). A Study on Social Engineering Attacks in Cybersecurity. In Innovations in Computer Science and Engineering (pp. 59-71). Springer, Singapore.

Barik, K., Konar, K., Banerjee, A., Das, S., & Abirami, A. (2022). An Exploration of Attack Patterns and Protection Approaches Using Penetration Testing. In Intelligent Data Communication Technologies and Internet of Things (pp. 491-503). Springer, Singapore.

Duarte, N., Coelho, N., & Guarda, T. (2021, November). Social Engineering: The Art of Attacks. In International Conference on Advanced Research in Technologies, Information, Innovation and Sustainability (pp. 474-483). Springer, Cham.

Cialdini, R. B. (2009) Influence: the psychology of persuasion. HarperCollins e-books

Salahdine, F., & Kaabouch, N. (2019). Social engineering attacks: A survey. Future Internet, 11(4), 89.

Conteh, N. Y. (2021). The dynamics of social engineering and cybercrime in the digital age. In Ethical Hacking Techniques and Countermeasures for Cybercrime Prevention (pp. 144-149). IGI Global.

Siddiqi, M. A., Pak, W., & Siddiqi, M. A. (2022). A study on the psychology of social engineering-based cyberattacks and existing countermeasures. Applied Sciences, 12(12), 6042.

Mahmood Saqib, R., Shahid Khan, A., Javed, Y., Ahmad, S., Nisar, K., A Abbasi, I., ... & Ahmadi Julaihi, A. (2022). Analysis and intellectual structure of the multi-factor authentication in information security. Intelligent Automation & Soft Computing, 32(3), 1633-1647.

Matelski, S. (2022, June). Human-Computable OTP Generator as an Alternative of the Two-Factor Authentication. In Proceedings of the 2022 European Interdisciplinary Cybersecurity Conference (pp. 64-71).

Suhyana, F. A., Suseno, S., & Ramli, T. S. (2021). Transaksi Ilegal Menggunakan Kartu ATM Milik Orang Lain. SIGn Jurnal Hukum, 2(2), 138-156.

Bodhi, S., & Tan, D. (2022). Keamanan Data Pribadi dalam Sistem Pembayaran E-Wallet Terhadap Ancaman Penipuan dan Pengelabuan (Cybercrime). UNES Law Review, 4(3), 297-308.

Faircloth, C., Hartzell, G., Callahan, N., & Bhunia, S. (2022, June). A Study on Brute Force Attack on T-Mobile Leading to SIM-Hijacking and Identity-Theft. In 2022 IEEE World AI IoT Congress (AIIoT) (pp. 501-507). IEEE.




DOI: http://dx.doi.org/10.53567/spirit.v14i2.260

Refbacks

  • There are currently no refbacks.


Copyright (c) 2022 Slamet Slamet

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

 

Diindeks Oleh:

SPIRIT : Sarana Penunjang Informasi Terkini

Diterbitkan oleh Teknologi Informasi Institut Teknologi dan Bisnis Yadika Pasuruan
Alamat Redaksi: Jl. Bader No.9, Kwangsan, Kalirejo, Kec. Bangil, Pasuruan, Jawa Timur 67153
Telp/Fax: (0343) 742070 , Email : lppm@stmik-yadika.ac.id
Google Maps :  Klik Disini

 Creative Commons License
Karya ini dilisensikan di bawah  Lisensi Internasional Creative Commons Atribusi 4.0 .