Geo-location based QR-Code authentication scheme to defeat active real-time phishing attack

  • Authors:
  • Seung-Hyun Kim; Daeseon Choi; Seung-Hun Jin; Sung-Hoon Lee

  • Affiliations:
  • ETRI, Daejeon, South Korea; ETRI, Daejeon, South Korea; ETRI, Daejeon, South Korea; ETRI/UST, Daejeon, South Korea

  • Venue:
  • Proceedings of the 2013 ACM workshop on Digital identity management
  • Year:
  • 2013

Abstract

Internet phishing attacks have been evolving along with the growth of online transactions on the Internet. MITM (Man-In-The-Middle) phishing is an attack in which an attacker located between a web server and a user manipulates authentication and transaction information. The possibility of this sort of phishing attack has been raised for a long time, but the menace was mostly ignored. Since Bruce Schneier introduced the concept of emasculating two-factor authentication in 2005, Leung and Jakobsson proposed Control Relay-MITM and doppelganger phishing attacks, respectively. In this paper, we introduce the ART (Active Real-Time) MITM phishing attack as an enhanced phishing attack compared with those above. While providing the user with the same UX (User eXperience) as the real web server, ART-MITM renders all security solutions installed on the user's computer useless and runs automated attack processes. To defeat the ART-MITM phishing attack, we propose a geo-location based QR-code authentication scheme using a mobile phone. The proposed scheme provides convenience, mobility, and security for the user; as a result, the scheme can be seen as a realistic solution to such enhanced phishing attacks.