The Game of Phishing

I researched the ability of browsers to counterfeit the behaviour of installed software. In full screen mode browsers can counterfeit almost anything, including BSOD, formatting the hard drive and fake login screens. I found one category of behaviour which could not be counterfeited by a remote website. On examination every solution in that category was a secret known by the computer user and her browser. That is, remote websites cannot counterfeit what they do not know. Neither Bob nor Mallory know secrets shared between the computer user and her computer. This transformed game theory research into cryptography research. On successful verification of a TLS certificate’s digital signature the browser should present the ’user-browser’ shared secret together with the TLS certificate’s identity credentials. This allows the user to authenticate both her browser and the identity specified in the TLS certificate. Following these conclusions, an authentication mechanism for manufactured goods is presented.