A key way in which banks mitigate the effects of phishing is to remove fraudulent websites or suspend abusive domain names. This ‘take-down’ is often subcontracted to specialist firms. Prior work has shown that these take-down companies refuse to share ‘feeds’ of phishing website URLs with each other, and consequently, many phishing websites are not removed because the firm with the take-down contract remains unaware of their existence. The take-down companies are reluctant to exchange feeds, fearing that competitors with less comprehensive lists might ‘free-ride’ off their efforts by not investing resources to find new websites, and might use the feeds to poach clients. In this paper, we propose the Phish-Market protocol, which enables companies with less comprehensive feeds to learn about websites impersonating their own clients that are held by other firms. The protocol is designed so that the contributing firm is compensated only for those websites affecting its competitor’s clients and only those previously unknown to the receiving firm. Crucially, the protocol does not reveal to the contributing firm which URLs are needed by the receiver, as this is viewed as sensitive information by take-down firms. Using complete lists of phishing URLs obtained from two large take-down companies, our elliptic-curve-based implementation added a negligible average 5-second delay to securely share URLs.