Depress phishing by CAPTCHA with OTP

  • Authors: Chun-Ming Leung
  • Affiliation: Department of Information Engineering, The Chinese University of Hong Kong, Shatin, N. T., Hong Kong
  • Venue: ASID'09 Proceedings of the 3rd international conference on Anti-Counterfeiting, security, and identification in communication
  • Year: 2009


Abstract

Addressing recent online banking threats, the main challenges are to enable safe online banking on a compromised host and to overcome the general ignorance of security warnings. Costly hardware solutions have been proposed for everything from login authentication to transaction verification. However, we are always looking for a usable solution with higher acceptance and less effort. CAPTCHA is primarily used to prevent automated (bot) logins; in addition, a CAPTCHA-based application can provide secure PIN input for bank customers against keyloggers and mouse-loggers [1]. However, assuming users are always unconscious of security warnings, under this interesting condition CAPTCHA alone does nothing against phishing [2]. Still, the CAPTCHA idea is worth developing further. In this paper, we present the Extended CAPTCHA Input System (ECIS), in which we extend the CAPTCHA idea for the first time to defend against the Real-Time Man-In-The-Middle (RT-MITM) attack [3] and our proposed CR-MITM attack [2]. The trick is to employ a moving CAPTCHA for input of a One-Time Password (OTP) with a time restriction, which can suppress both automated MITM relaying of information and human-assisted MITM attacks. Our solution reuses the OTP tokens already shipped at large scale, which saves a large amount of money compared with designing and shipping a new hardware solution.