In this paper, we propose a new class of Human Interactive Proofs (HIPs) that allow a human to distinguish one computer from another. Unlike traditional HIPs, where the computer issues a challenge to the user over a network, in this case, the user issues a challenge to the computer. This type of HIP can be used to detect phishing attacks, in which websites are spoofed in order to trick users into revealing private information. We define five properties of an ideal HIP to detect phishing attacks. Using these properties, we evaluate existing and proposed anti-phishing schemes to discover their benefits and weaknesses. We review a new anti-phishing proposal, Dynamic Security Skins (DSS), and show that it meets the HIP criteria. Our goal is to allow a remote server to prove its identity in a way that is easy for a human user to verify and hard for an attacker to spoof. In our scheme, the web server presents its proof in the form of an image that is unique for each user and each transaction. To authenticate the server, the user can visually verify that the image presented by the server matches a reference image presented by the browser.
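The image comparison described above, as an added sketch that is not code from the paper or from DSS. It assumes the browser and the genuine server already share a per-session secret, and it uses HMAC-SHA256 rendered as an 8x8 text grid as a stand-in for a real visual hash; `transaction_image`, `same_image` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import secrets

GRID = 8  # 8x8 cells = 64 bits of the MAC shown to the user


def transaction_image(session_secret: bytes, user: str, nonce: bytes) -> list[str]:
    """Derive a text 'image' bound to one user and one transaction."""
    name = user.encode()
    # Length-prefix the user name so distinct (user, nonce) pairs never
    # serialize to the same MAC input.
    msg = len(name).to_bytes(2, "big") + name + nonce
    digest = hmac.new(session_secret, msg, hashlib.sha256).digest()
    # One digest byte per row, one bit per cell. A deployed scheme needs a
    # visual hash people can reliably tell apart; this grid is a stand-in.
    return [
        "".join("#" if (digest[row] >> col) & 1 else "." for col in range(GRID))
        for row in range(GRID)
    ]


def same_image(reference: list[str], presented: list[str]) -> bool:
    """Stand-in for the user's visual comparison of the two images."""
    return hmac.compare_digest("\n".join(reference).encode(),
                               "\n".join(presented).encode())


def demo() -> dict[str, bool]:
    # Constructed sample values: a secret shared by the browser and the
    # genuine server (assumed to be established earlier), and fresh nonces.
    secret = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    reference = transaction_image(secret, "alice", nonce)  # drawn by the browser
    genuine = transaction_image(secret, "alice", nonce)    # sent by the real server
    spoofed = transaction_image(secrets.token_bytes(32), "alice", nonce)
    replayed = transaction_image(secret, "alice", secrets.token_bytes(16))
    print("\n".join(reference))
    return {
        "genuine": same_image(reference, genuine),
        "spoofed": same_image(reference, spoofed),    # server lacks the secret
        "replayed": same_image(reference, replayed),  # image from another transaction
    }


if __name__ == "__main__":
    print(demo())
```

A site that does not hold the session secret cannot predict the reference image, and an image captured from one transaction does not match the next, because the nonce changes.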