Defeating Active Phishing Attacks for Web-Based Transactions
نویسندگان
چکیده
Till now, the best defense against phishing is the use of two-factor authentication systems. Yet this protection is short-lived and comparatively weak. The absence of a fool-proof solution against Man-inthe-Middle, or Active Phishing, attacks have resulted in an avalanche of security practitioners painting bleak scenarios where Active Phishing attacks cripple the growth of web-based transactional systems. Even with vigilant users and prudent applications, no solutions seem to have addressed the attacks comprehensively. In this chapter, the authors propose the new Two-factor Interlock Authentication Protocol (TIAP), adapted from the Interlock Protocol with two-factor authentication, which is able to defend successfully against Active Phishing attacks. They further scrutinize the TIAP by simulating a series of attacks against the protocol and demonstrate how each attack is defeated.
منابع مشابه
Phishing - A Growing Threat to E-Commerce
In today’s business environment, it is difficult to imagine a workplace without access to the web, yet a variety of email born viruses, spyware, adware, Trojan horses, phishing attacks, directory harvest attacks, DoS attacks, and other threats combine to attack businesses and customers. This paper is an attempt to review phishing – a constantly growing and evolving threat to Internet based comm...
متن کاملطراحی سیستم خبره به منظور تشخیص حملههای فیشینگ در بانکداری الکترونیکی
In e-commerce and e-banking environments, one of the most risks or challenges which must be considered, is the risk of online fraud specially phishing attacks. In this study, we use some visual and technical identifies of a phishing web site as parameters to implement an expert system to diagnose this type of attack in electronic banking. In the proposed system, we use 27 different features as ...
متن کاملDetecting Fake Websites Using Swarm Intelligence Mechanism in Human Learning
The internet and its various services have made users to easily communicate with each other. Internet benefits including online business and e-commerce. E-commerce has boosted online sales and online auction types. Despite their many uses and benefits, the internet and their services have various challenges, such as information theft, which challenges the use of these services. Information thef...
متن کاملAnti-Phishing framework based on Extended Visual Cryptography and QR code
Nowadays Online transactions are become very common and there are various attacks occur behind this. In these types of various attacks, phishing is very common attack. For detecting this attack various anti-phishing mechanisms are used. Propose a new authentication scheme for se-cure OTP distribution in phishing website detection through EVC and QR codes. The Website Detection using extended vi...
متن کاملOn the Effectiveness of Techniques to Detect Phishing Sites
Abstract. Phishing is an electronic online identity theft in which the attackers use a combination of social engineering and web site spoofing techniques to trick a user into revealing confidential information. This information is typically used to make an illegal economic profit (e.g., by online banking transactions, purchase of goods using stolen credentials, etc.). Although simple, phishing ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IJISP
دوره 1 شماره
صفحات -
تاریخ انتشار 2007