Abstract :The Internet has become one of the most importanttechnologies in the world, and hackers use various methods tolaunch cyber attacks to profit from it. Phishing is one of famoussocial engineering attacks, it is often used to steal user data,including login credentials and credit card numbers. Althoughthe Transport Layer Security certificate is used to verify the trustof websites, there are still a series of vulnerabilities. The demandfor trusted IP addresses has led a lot of research, including IPwhitelisting, DNS filtering and so on. However, these technologiesstill have many shortcomings. In view of this, we proposeda novel mechanism for verifying websites using blockchaintechnology. The URL and IP address of a permissioned websiteare recorded in blockchain through a specific smart contract.A DNS query is executed through a smart contract designedto avoid URL redirection attacks. With the help of immutablenature of blockchian, phishing websites can be detected. Themechanism will not add any load to users and provides tamperprooffunctions based on the characteristics of blockchain. Thecomparison of related works shows that the proposed mechanismis more secure. We also provided a reference implementationof the proposed mechanism on Ethereum Quorum simulationplatform, which proves the effectiveness and practicability of themechanism.
Index terms :Blockchain, DNS security, Ethereum, smart contract.