The email system is the central battleground against phishing and social engineering attacks, and yet email providers still face key challenges to authenticate incoming emails. As a result, attackers can apply spoofing techniques to impersonate a trusted entity to conduct highly deceptive phishing attacks. In this work, we study email spoofing to answer three key questions: (1) How do email pro...

The process of verifying whether the voice sample presented to an authentication system is real (i.e., alive), or whether it is replayed or synthetic, and thus fraudulent. When authentication through a voice authentication system is requested, it is important to be sure that the person seeking the authentication actually provides the required voice sample at the time and place of the authentica...

GNSS spoofing is a technique used to deceive Global Navigation Satellite Systems (GNSS) receivers by broadcasting fake signals that appear be genuine. To detect spoofing, receiver can use various techniques such as monitoring signal strength, cross-checking data from multiple satellites, comparing the characteristics with expected patterns, and analyzing timing location information. Advanced de...

In this paper, we present the design and prototype of a new approach to cookie management: if a server deposits a cookie only after authenticating itself via the SSL handshake, the browser will return the cookie only to a server that can authenticate itself, via SSL, to the same keypair. This approach can enable usable but secure client authentication. This approach can improve the usability of...

Liveness detection is an important countermeasure against spoofing attacks on biometric authentication systems. In the context of audiovisual biometrics, synchrony detection is a proposed method for liveness confirmation. This paper presents a novel, text-dependent scheme for checking audiovisual synchronization in a video sequence. We present custom visual features learned using a unique deep ...

Web spoofing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information. We discuss some aspects of common attacks and propose a framework for client-side defense: a browser plug-in that examines web pages and warns the user when requests for data may be part of a spoof attack. While the plugin, SpoofGuard, has been tested ...

In the past few years state-of-the-art text-dependent speaker verification technology has improved significantly in terms of the ability to accept target speakers and reject imposters. As a result, the use of speaker verification systems for real world security is increasing. Real world usage of speaker verification technology raises the issue of spoofing attacks. As part of our efforts for dev...

Marco Antônio Carnut and João J. C. Gondim, "ARP spoofing detection on switched ethernet networks: a feasibility study," 5th Symposium on Security in Informatics held at Brazilian Air Force Technology Institute, November 2003 Moxie Marlinspike, "SSLStrip, Black Hat DC 2009", Retrievedhttp://www. thoughtcrime. org/software/sslstrip/ D. Plummer. An ethernet address resolution ...