Prototyping a Lightweight Trust Architecture to Fight Phishing
نویسنده
چکیده
LTA is a lightweight trust architecture that fights phishing attacks by authenticating e-mail messages. LTA uses separable identity-based ring signatures, which are more attractive than traditional digital signatures for e-mail signing. Because the signatures are identity-based, users do not need to generate keys ahead of time. And because the ring signatures are repudiable, users do not need to adapt to having every message they send be binding. This paper describes a complete implementation of LTA. Our prototype includes a keyserver that supplies secret keys to users, a DNS server that serves a master public key, and an e-mail client that can sign messages and verify signatures. These components use the message-processing functions and cryptographic primitives that we implemented. Our prototype demonstrates that LTA is a feasible and practical system for authenticating e-mail and for fighting phishing attacks.
منابع مشابه
Fighting Phishing Attacks: A Lightweight Trust Architecture for Detecting Spoofed Emails
We present a novel key distribution architecture and a novel use of a particular identity-based digital signature scheme for making email trustworthy. Like typical digital signatures, our solution fights email-based phishing attacks and mitigates spam by detecting spoofed emails. Unlike typical digital signatures, our approach requires no complex, preestablished public-key infrastructure nor co...
متن کاملAnti-Phishing Research: The Journey so Far
Phishing attacks are becoming an everyday threat to the ever growing cyber community. Regrettably, most online users do not understand some of the simplest indicators of a typical phishing scam. In addition, the sophistication of some of the newest phishing defeat most of the current software-based countermeasure and anti-phishing education. In this work, a new paradigm-shift architecture is pr...
متن کاملA Novel Architecture for Detecting Phishing Webpages using Cost-based Feature Selection
Phishing is one of the luring techniques used to exploit personal information. A phishing webpage detection system (PWDS) extracts features to determine whether it is a phishing webpage or not. Selecting appropriate features improves the performance of PWDS. Performance criteria are detection accuracy and system response time. The major time consumed by PWDS arises from feature extraction that ...
متن کاملTracking Phishing Attacks Over Time
The so-called “phishing” attacks are one of the important threats to individuals and corporations in today’s Internet. Combatting phishing is thus a top-priority, and has been the focus of much work, both on the academic and on the industry sides. In this paper, we look at this problem from a new angle. We have monitored a total of 19,066 phishing attacks over a period of ten months and found t...
متن کاملLIGHTest - A Lightweight Infrastructure for Global Heterogeneous Trust Management
LIGHT is a project that is partially funded by the European Commission as an Innovation Action as part of the Horizon2020 program under grant agreement number 700321. LIGHT‘s objective is to create a Lightweight Infrastructure for Global Heterogeneous Trust management in support of an open Ecosystem of Stakeholders and Trust schemes. We show supported scenarios, motivate the necessity for globa...
متن کامل