A public key cryptosystem and a signature scheme based on discrete logarithms
Proceedings of CRYPTO 84 on Advances in cryptology
Non-interactive oblivious transfer and applications
CRYPTO '89 Proceedings on Advances in cryptology
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
The random oracle methodology, revisited (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Efficient oblivious transfer protocols
SODA '01 Proceedings of the twelfth annual ACM-SIAM symposium on Discrete algorithms
Hash visualization in user authentication
CHI '00 Extended Abstracts on Human Factors in Computing Systems
Server-Assisted Generation of a Strong Secret from a Password
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
On the (In)security of the Fiat-Shamir Paradigm
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
The battle against phishing: Dynamic Security Skins
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Password authenticated key exchange using hidden smooth subgroups
Proceedings of the 12th ACM conference on Computer and communications security
Designing ethical phishing experiments: a study of (ROT13) rOnl query features
Proceedings of the 15th international conference on World Wide Web
The Emperor's New Security Indicators
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Phoolproof phishing prevention
FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
Provably secure browser-based user-aware mutual authentication over TLS
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Anti-phishing based on automated individual white-list
Proceedings of the 4th ACM workshop on Digital identity management
Visual security is feeble for anti-phishing
ASID'09 Proceedings of the 3rd international conference on Anti-Counterfeiting, security, and identification in communication
Geo-location based QR-Code authentication scheme to defeat active real-time phishing attack
Proceedings of the 2013 ACM workshop on Digital identity management
| Hi-index | 0.00 |
We present a new authentication protocol called Delayed Password Disclosure. Based on the traditional user name and password paradigm, the protocol's goal is aimed at reducing the effectiveness of phishing/spoofing attacks that are becoming increasingly problematic for Internet users. This is done by providing the user with dynamic feedback while password entry occurs. While this is a process that would normally be frowned upon by the cryptographic community, we argue that it may result in more effective security than that offered by currently proposed "cryptographically acceptable" alternatives. While the protocol cannot prevent partial disclosure of one's password to the phisher, it does provide a user with the tools necessary to recognizean on going phishing attack, and prevent the disclosure of his/her entire password, providing graceful security degradation.