Preventing Phishing Attacks Using Trusted Computing Technology
نویسندگان
چکیده
Most secure web sites use the SSL/TLS protocol for server authentication. SSL/TLS supports mutual authentication, i.e. both server and client authentication. However, this optional feature of SSL/TLS is not used by most web sites because not every client has a certified public key. Instead user authentication is typically achieved by sending a password to the server after the establishment of an SSL-protected channel. Certain attacks rely on this fact, such as web spoofing and phishing attacks. In this paper the issue of online user authentication is discussed, and a method for online user authentication using trusted computing platforms is proposed. The proposed approach makes a class of phishing attacks ineffective; moreover, the proposed method can also be used to protect against other online attacks.
منابع مشابه
Towards Multicolored Computing - Compartmented Security to Prevent Phishing Attacks
Identity theft through phishing attacks has fostered to a major concern of Internet users. Classical phishing attacks aim at luring the user to a faked web site to disclose personal information. Various solutions have been proposed against this kind of attack. However, these solutions can hardly counter the new generation of sophisticated malware phishing attacks designed to target certain serv...
متن کاملSTONe: Secure Trusted Overlay Networks for Robust Privacy-Protecting Communication
This paper presents STONe, Secure Trusted Overlay Network, a novel robust network infrastructure that provides privacypreserving communication. STONe is the first network architecture based on attestation and strong process isolation in Trusted Computing. Using these features to protect the network stack against Byzantine failures, STONe is able to establish different protection techniques agai...
متن کاملPhishing website detection using weighted feature line embedding
The aim of phishing is tracing the users' s private information without their permission by designing a new website which mimics the trusted website. The specialists of information technology do not agree on a unique definition for the discriminative features that characterizes the phishing websites. Therefore, the number of reliable training samples in phishing detection problems is limited. M...
متن کاملDesigning Antiphishing Education
Fraudulent e-mails, known as phishing attacks, have brought chaos across the digital world causing billions of dollars of damage. These attacks are known for their ability to exploit the human aspect of a computer system by pretending to originate from a source trusted by the victim. While technology defenses have been setup for protection, people are still succumbing to these attacks at alarmi...
متن کاملTrusted Computing: Challenges & Solutions
Most citizens of the world today are fighting for – either by battling viruses, spam, phishing or other malware, or by fending off schemes to compromise privacy and extract confidential information. With these worries in mind, the Trusted Computing Group (TCG) was established to develop specifications for trusted computing building blocks and software interfaces that could address the problems ...
متن کامل