A secure and reliable bootstrap architecture
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Trusted Computing Platforms: TCPA Technology in Context
Trusted Computing Platforms: TCPA Technology in Context
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Stronger password authentication using browser extensions
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Phoolproof phishing prevention
FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
Preventing identity theft with electronic identity cards and the trusted platform module
Proceedings of the Second European Workshop on System Security
| Hi-index | 0.00 |
Phishing, pharming and MITM attacks, i.e. the theft of user credentials, are a major threat to e-commerce applications. As soon as the attacker manages to talk a user into revealing his/her credentials needed to access an e-commerce application (e.g. user name, password, transaction number (TAN) in case of e-banking applications), the user's account is open to any kind of (financial) transaction by the attacker. In this paper, we propose using the trusted platform module (TPM) --- a piece of hardware which will be built into all computers shipped in the near future --- for ensuring both an e-commerce application's integrity and binding user authentication to user credentials and the usage of specific hardware during the authentication process. By doing so, strong authentication is achieved (something one knows is combined with something one possesses physically), which renders phishing attacks unsuccessful as the phisher will not be in possession of the required hardware and therefore getting user credentials will not open the e-commerce account for exploitation.