SC@CCO: a Graphic-Based Authentication System

  • Authors: R. d'Alessandro; M. Ghirardi; M. Leone
  • Affiliations: Telecom Italia S.p.A., Turin, Italy (all three authors)
  • Venue: Proceedings of the 1st European Workshop on System Security
  • Year: 2008

Abstract

Phishing attacks are increasingly sophisticated and continue to be an issue, especially for financial institutes. The most common defense mechanisms used today are effective against passive phishing attacks but completely useless against active ones. To face both threats, we propose SC@CCO, an innovative system combining the security of challenge-response and two-factor authentication mechanisms. SC@CCO uses an untrustworthy terminal, such as a shared computer, and an insecure channel, such as the Internet, to carry a graphic challenge from which a trusted mobile terminal computes the expected authentication response. The response is shown to the user and subsequently submitted to the server, along with a personal identification number, in order to complete the authentication. The graphic challenge is obtained by encoding a challenge into a bi-dimensional barcode image. The user's trusted mobile terminal must be equipped with a common digital camera and an appropriate client application. In this approach, the personal mobile device plays the role of a security token able to authenticate, on the one hand, who is issuing a transaction and, on the other hand, the transaction data, with the advantage that the user does not have to install devices and/or software on an untrustworthy computer.