A Zero Knowledge Password Proof Mutual Authentication Technique Against Real-Time Phishing Attacks

نویسندگان

  • Mohsen Sharifi
  • Alireza Saberi
  • Mojtaba Vahidi-Asl
  • Mohammad Zoroufi
چکیده

Phishing attack is a kind of identity theft trying to steal confidential data. Existing approaches against phishing attacks cannot prevent real-time phishing attacks. This paper proposes an Anti-Phishing Authentication (APA) technique to detect and prevent real-time phishing attacks. It uses 2-way authentication and zero-knowledge password proof. Users are recommended to customize their user interfaces and thus defend themselves against spoofing. The proposed technique assumes the preexistence of a shared secret key between any two communicating partners, and ignores the existence of any malware at client sides.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

One - time - password - authenticated key exchange ( full version ) Kenneth

To reduce the damage of phishing and spyware attacks, banks, governments, and other security-sensitive industries are deploying one-time password systems, where users have many passwords and use each password only once. If a single password is compromised, it can be only be used to impersonate the user once, limiting the damage caused. However, existing practical approaches to one-time password...

متن کامل

One-Time-Password-Authenticated Key Exchange

To reduce the damage of phishing and spyware attacks, banks, governments, and other security-sensitive industries are deploying one-time password systems, where users have many passwords and use each password only once. If a single password is compromised, it can be only be used to impersonate the user once, limiting the damage caused. However, existing practical approaches to one-time password...

متن کامل

Fortification of Transport Layer Security Protocol by using Password and Fingerprint as Identity Authentication Parameters

Whenever there is communication between Client and Server over a public link and resources are to be accessed from remote systems, then proving an identity becomes quiet complex because there is need of proper access rights with authentication. Complete security at the transport layer starts with proof of authentication, majority organizations only use password for security but this research pa...

متن کامل

A PAKE – SRP 6 BROWSER EXTENSION Alexandru

The username/password paradigm is a well-known authentication mechanism. Probably the most common version in use is the password authentication via an HTML form. The user has to type his/her password directly into a web page from the site to which he/she wishes to authenticate himself/herself. The problem with using this approach is that it relies on the user to determine when it is safe to ent...

متن کامل

Preventing Phishing Attacks Using Trusted Computing Technology

Most secure web sites use the SSL/TLS protocol for server authentication. SSL/TLS supports mutual authentication, i.e. both server and client authentication. However, this optional feature of SSL/TLS is not used by most web sites because not every client has a certified public key. Instead user authentication is typically achieved by sending a password to the server after the establishment of a...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2007