The term "phishing" describes a class of social engineering attacks on authentication systems that aim to steal the victim's authentication credential, e.g., the username and password. The severity of phishing has been recognized since the mid-1990s, and a considerable amount of attention has been devoted to the topic. However, currently deployed or proposed countermeasures are either incomplete, cumbersome for the user, or incompatible with standard browser technology. In this paper, we show how modern JavaScript APIs can be utilized to build PhishSafe, a robust authentication scheme that is immune against phishing attacks, easily deployable using the current browser generation, and requires little change in the end-user's interaction with the application. We evaluate the implementation and find that it is applicable to web applications with little effort and causes no tangible overhead.