The anti-spoofing community has been intensively proposing new methods for defending against new spoofing techniques, yet protecting naïve users from advanced spoofing attacks remains challenging. In this paper, we analyze the problems within those anti-spoofing mechanisms and propose a new Automatic Detecting Security Indicator (ADSI) scheme. We first describe the trust model in ADSI in detail. In a secure transaction, ADSI may generate a random picture and embed it into the current web browser. This can be triggered by any security-relevant event occurring in the browser, after which ADSI automatically checks the currently active security status. When a mismatch of embedded images is detected, an alarm goes off to alert the users. Since it is hard for an adversary to replace or mimic the randomly generated picture, the web-spoofing attack cannot be mounted. In comparison with existing proposals, our scheme has the weakest security assumption and places a very low burden on the computer by automating the detection and recognition of web spoofing for SSL-enabled communication. Moreover, the scheme is only minimally intrusive to the browser. Finally, it can be implemented on a trusted PC at an Internet cafe, requiring neither a Logo Certification Authority nor a personalization scheme.