Abstract
In the mobile payment systems flow of confidential data is one of the essential and vital services. The customer’s sensitive data is always kept safe from the various kind of attacks, such as phishing and man-in-the-middle attacks. The current mobile authentication protocols put an extra burden on mobile device users to detect and avoid phishing attacks. In this paper, we propose a novel authentication protocol that deals with an Authentication Server (AS), which sends a nonce message to the mobile customer device to be signed, so that he/she can avoid phishing attacks. The phishing attacks are fraudulent e-mail messages appearing to come from legitimate enterprises to access the private information and to commit identity theft. On the other hand, over the Internet, so many associated attacks are also possible, and it can quickly spread across the Internet and cause severe damage to our society. In this paper, we mainly focus on a phishing attack in the mobile environment with the help of an authentication server. Our We simulate our proposed approach with the verification model checking tool Scyther, which rigorously analyses our proposed scheme and shows that our proposed method is secure and safe from phishing attacks.