A public key cryptosystem and a signature scheme based on discrete logarithms
Proceedings of CRYPTO 84 on Advances in cryptology
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Fair exchange with a semi-trusted third party (extended abstract)
Proceedings of the 4th ACM conference on Computer and communications security
The random oracle methodology, revisited (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Efficient oblivious transfer protocols
SODA '01 Proceedings of the twelfth annual ACM-SIAM symposium on Discrete algorithms
Hash visualization in user authentication
CHI '00 Extended Abstracts on Human Factors in Computing Systems
Non-Interactive Oblivious Transfer and Spplications
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Server-Assisted Generation of a Strong Secret from a Password
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
STOC '83 Proceedings of the fifteenth annual ACM symposium on Theory of computing
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
On the (In)security of the Fiat-Shamir Paradigm
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
Trusted Computing Platforms: Design and Applications
Trusted Computing Platforms: Design and Applications
The battle against phishing: Dynamic Security Skins
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Password authenticated key exchange using hidden smooth subgroups
Proceedings of the 12th ACM conference on Computer and communications security
Do security toolbars actually prevent phishing attacks?
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Designing ethical phishing experiments: a study of (ROT13) rOnl query features
Proceedings of the 15th international conference on World Wide Web
The Emperor's New Security Indicators
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Phishing IQ tests measure fear, not ability
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Messin' with texas deriving mother's maiden names using public records
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Phoolproof phishing prevention
FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
Enforcing User-Aware Browser-Based Mutual Authentication with Strong Locked Same Origin Policy
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Hi-index | 0.00 |
We present a new authentication protocol called Delayed Password Disclosure (DPD). Based on the traditional username and password paradigm, the protocol's goal is aimed at reducing the effectiveness of phishing/spoofing attacks that are becoming increasingly problematic for Internet users. This is done by providing the user with dynamic feedback while password entry occurs. While this is a process that would normally be frowned upon by the cryptographic community, we argue that it may result in more effective security than that offered by currently proposed 'cryptographically acceptable' alternatives. While the protocol cannot prevent partial disclosure of one's password to the phisher, it does provide a user with the tools necessary to recognise an ongoing phishing attack, and prevent the disclosure of his/her entire password, providing graceful security degradation.