Phishing, or web spoofing, is a growing problem: the Anti-Phishing Working Group (APWG) received almost 14,000 unique phishing reports in August 2005, a 56% jump over the number of reports in December 2004 [3]. For financial institutions, phishing is a particularly insidious problem, since trust forms the foundation for customer relationships, and phishing attacks undermine confidence in an institution. Phishing attacks succeed by exploiting a user's inability to distinguish legitimate sites from spoofed sites. Most prior research focuses on assisting the user in making this distinction; however, users must make the right security decision every time. Unfortunately, humans are ill-suited for performing the security checks necessary for secure site identification, and a single mistake may result in a total compromise of the user's online account. Fundamentally, users should be authenticated using information that they cannot readily reveal to malicious parties. Placing less reliance on the user during the authentication process will enhance security and eliminate many forms of fraud. We propose using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware. We demonstrate the practicality of our system with a prototype implementation.