Users' conceptions of web security: a comparative study
CHI '02 Extended Abstracts on Human Factors in Computing Systems
Proceedings of the 11th USENIX Security Symposium
Stopping spyware at the gate: a user study of privacy, notice and spyware
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Déjà Vu: a user study using images for authentication
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
On user choice in graphical password schemes
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
WWW electronic commerce and java trojan horses
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Phish and HIPs: human interactive proofs to detect phishing attacks
HIP'05 Proceedings of the Second international conference on Human Interactive Proofs
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Secrecy, flagging, and paranoia: adoption criteria in encrypted email
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Do security toolbars actually prevent phishing attacks?
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
An Antiphishing Strategy Based on Visual Similarity Assessment
IEEE Internet Computing
PHONEY: Mimicking User Response to Detect Phishing Attacks
WOWMOM '06 Proceedings of the 2006 International Symposium on World of Wireless, Mobile and Multimedia Networks
Passpet: convenient password management and phishing protection
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Decision strategies and susceptibility to phishing
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
The methodology and an application to fight against Unicode attacks
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Web wallet: preventing phishing attacks by revealing user intentions
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Securing user inputs for the web
Proceedings of the second ACM workshop on Digital identity management
Privacy preserving multi-factor authentication with biometrics
Proceedings of the second ACM workshop on Digital identity management
Detecting Phishing Web Pages with Visual Similarity Assessment Based on Earth Mover's Distance (EMD)
IEEE Transactions on Dependable and Secure Computing
Looking for trouble: understanding end-user security management
Proceedings of the 2007 symposium on Computer human interaction for the management of information technology
Establishing and protecting digital identity in federation systems
Journal of Computer Security - The First ACM Workshop on Digital Identity Management -- DIM 2005
Protecting people from phishing: the design and evaluation of an embedded training email system
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Cantina: a content-based approach to detecting phishing web sites
Proceedings of the 16th international conference on World Wide Web
Tracking website data-collection and privacy practices with the iWatch web crawler
Proceedings of the 3rd symposium on Usable privacy and security
Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish
Proceedings of the 3rd symposium on Usable privacy and security
Queue - Web Development
Communications of the ACM
Evaluating a trial deployment of password re-use for phishing prevention
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
A framework for detection and measurement of phishing attacks
Proceedings of the 2007 ACM workshop on Recurring malcode
Proceedings of the 2007 ACM workshop on Digital identity management
Beamauth: two-factor web authentication with a bookmark
Proceedings of the 14th ACM conference on Computer and communications security
Dynamic pharming attacks and locked same-origin policies for web browsers
Proceedings of the 14th ACM conference on Computer and communications security
ACM SIGACT News
International Journal of Applied Cryptography
Sesame: informing user security decisions with system visualization
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
You've been warned: an empirical study of the effectiveness of web browser phishing warnings
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Human-in-the-loop: rethinking security in mobile and pervasive systems
CHI '08 Extended Abstracts on Human Factors in Computing Systems
Transaction generators: root kits for web
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
Provably secure browser-based user-aware mutual authentication over TLS
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Privacy preserving multi-factor authentication with biometrics
Journal of Computer Security - The Second ACM Workshop on Digital Identity Management - DIM 2006
Phishing attacks and solutions
Proceedings of the 3rd international conference on Mobile multimedia communications
Security and identification indicators for browsers against spoofing and phishing attacks
ACM Transactions on Internet Technology (TOIT)
Use Your Illusion: secure authentication usable anywhere
Proceedings of the 4th symposium on Usable privacy and security
On the Effectiveness of Techniques to Detect Phishing Sites
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Method for Evaluating the Security Risk of a Website Against Phishing Attacks
PAISI, PACCF and SOCO '08 Proceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics
Enforcing User-Aware Browser-Based Mutual Authentication with Strong Locked Same Origin Policy
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Assessing anti-phishing preparedness: A study of online banks in Hong Kong
Decision Support Systems
Anti-phishing based on automated individual white-list
Proceedings of the 4th ACM workshop on Digital identity management
Visual-similarity-based phishing detection
Proceedings of the 4th international conference on Security and privacy in communication networks
CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Exploring User Reactions to New Browser Cues for Extended Validation Certificates
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Collective information practice: exploring privacy and security as social and cultural phenomena
Human-Computer Interaction
There is no free phish: an analysis of "free" and live phishing kits
WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
On user involvement in production of images used in visual authentication
Journal of Visual Languages and Computing
Trust modelling for online transactions: a phishing scenario
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Phishing defense against IDN address spoofing attacks
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
A hybrid phish detection approach by identity discovery and keywords retrieval
Proceedings of the 18th international conference on World wide web
Scalable Detection and Isolation of Phishing
AIMS '09 Proceedings of the 3rd International Conference on Autonomous Infrastructure, Management and Security: Scalability of Networks and Services
Proceedings of the 2008 workshop on New security paradigms
User-aware provably secure protocols for browser-based mutual authentication
International Journal of Applied Cryptography
Online phishing classification using adversarial data mining and signaling games
Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics
VideoTicket: detecting identity fraud attempts via audiovisual certificates and signatures
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Adaptive Security Dialogs for Improved Security Behavior of Users
INTERACT '09 Proceedings of the 12th IFIP TC 13 International Conference on Human-Computer Interaction: Part I
SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle
Computer Communications
Browser interfaces and extended validation SSL certificates: an empirical study
Proceedings of the 2009 ACM workshop on Cloud computing security
So long, and no thanks for the externalities: the rational rejection of security advice by users
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Biometrics-based identifiers for digital identity management
Proceedings of the 9th Symposium on Identity and Trust on the Internet
Detecting visually similar Web pages: Application to phishing detection
ACM Transactions on Internet Technology (TOIT)
BogusBiter: A transparent protection against phishing attacks
ACM Transactions on Internet Technology (TOIT)
Teaching Johnny not to fall for phish
ACM Transactions on Internet Technology (TOIT)
Practical uses of virtual machines for protection of sensitive user data
ISPEC'07 Proceedings of the 3rd international conference on Information security practice and experience
Privacy requirements in identity management solutions
Proceedings of the 2007 conference on Human interface: Part II
An evaluation of extended validation and picture-in-picture phishing attacks
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Phishing IQ tests measure fear, not ability
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Learning more about the underground economy: a case-study of keyloggers and dropzones
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Intelligent phishing detection system for e-banking using fuzzy data mining
Expert Systems with Applications: An International Journal
OpenIDemail enabled browser: towards fixing the broken web single sign-on triangle
Proceedings of the 6th ACM workshop on Digital identity management
Kamouflage: loss-resistant password management
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
A billion keys, but few locks: the crisis of web single sign-on
Proceedings of the 2010 workshop on New security paradigms
Reinforcing bad behaviour: the misuse of security indicators on popular websites
Proceedings of the 22nd Conference of the Computer-Human Interaction Special Interest Group of Australia on Computer-Human Interaction
Cost and benefit analysis of authentication systems
Decision Support Systems
SUT: Quantifying and mitigating URL typosquatting
Computer Networks: The International Journal of Computer and Telecommunications Networking
CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites
ACM Transactions on Information and System Security (TISSEC)
Phi.sh/$oCiaL: the phishing landscape through short URLs
Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference
The security cost of cheap user interaction
Proceedings of the 2011 workshop on New security paradigms workshop
Socio-technological phishing prevention
Information Security Tech. Report
PhorceField: a phish-proof password ceremony
Proceedings of the 27th Annual Computer Security Applications Conference
What makes users refuse web single sign-on?: an empirical investigation of OpenID
Proceedings of the Seventh Symposium on Usable Privacy and Security
Proceedings of the Seventh Symposium on Usable Privacy and Security
ViWiD: visible watermarking based defense against phishing
IWDW'05 Proceedings of the 4th international conference on Digital Watermarking
SPS: a simple filtering algorithm to thwart phishing attacks
AINTEC'05 Proceedings of the First Asian Internet Engineering conference on Technologies for Advanced Heterogeneous Networks
Preventing web-spoofing with automatic detecting security indicator
ISPEC'06 Proceedings of the Second international conference on Information Security Practice and Experience
Phoolproof phishing prevention
FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
TruWalletM: secure web authentication on mobile platforms
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
WebTicket: account management using printable tokens
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Trustworthiness testing of phishing websites: A behavior model-based approach
Future Generation Computer Systems
Impersonator identification through dynamic fingerprinting
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Using automated individual white-list to protect web digital identities
Expert Systems with Applications: An International Journal
Secret information display based authentication technique towards preventing phishing attacks
Proceedings of the International Conference on Advances in Computing, Communications and Informatics
Proceedings of the 2012 ACM conference on Computer and communications security
A quantitative approach to estimate a website security risk using whitelist
Security and Communication Networks
Measuring SSL indicators on mobile browsers: extended life, or end of the road?
ISC'12 Proceedings of the 15th international conference on Information Security
BetterAuth: web authentication revisited
Proceedings of the 28th Annual Computer Security Applications Conference
Understanding the weaknesses of human-protocol interaction
FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
Preventing the revealing of online passwords to inappropriate websites with logininspector
LISA '12 Proceedings of the 26th international conference on Large Installation System Administration: strategies, tools, and techniques
A game design framework for avoiding phishing attacks
Computers in Human Behavior
Embassies: radically refactoring the web
NSDI '13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
TabShots: client-side detection of tabnabbing attacks
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
SAuth: protecting user accounts from password database leaks
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Explicit authentication response considered harmful
Proceedings of the 2013 workshop on New security paradigms workshop
Visualizations and Switching Mechanisms for Security Zones
Proceedings of International Conference on Advances in Mobile Computing & Multimedia
ECC-based anti-phishing protocol for cloud computing services
International Journal of Security and Networks
PhishSafe: leveraging modern JavaScript API's for transparent and robust protection
Proceedings of the 4th ACM conference on Data and application security and privacy
Phishing is a model problem for illustrating usability concerns of privacy and security because both system designers and attackers battle using user interfaces to guide (or misguide) users. We propose a new scheme, Dynamic Security Skins, that allows a remote web server to prove its identity in a way that is easy for a human user to verify and hard for an attacker to spoof. We describe the design of an extension to the Mozilla Firefox browser that implements this scheme.

We present two novel interaction techniques to prevent spoofing. First, our browser extension provides a trusted window in the browser dedicated to username and password entry. We use a photographic image to create a trusted path between the user and this window to prevent spoofing of the window and of the text entry fields. Second, our scheme allows the remote server to generate a unique abstract image for each user and each transaction. This image creates a "skin" that automatically customizes the browser window or the user interface elements in the content of a remote web page. Our extension allows the user's browser to independently compute the image that it expects to receive from the server. To authenticate content from the server, the user can visually verify that the images match.

We contrast our work with existing anti-phishing proposals. In contrast to other proposals, our scheme places a very low burden on the user in terms of effort, memory and time. To authenticate himself, the user has to recognize only one image and remember one low entropy password, no matter how many servers he wishes to interact with. To authenticate content from an authenticated server, the user only needs to perform one visual matching operation to compare two images. Furthermore, it places a high burden of effort on an attacker to spoof customized security indicators.
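The core idea in the abstract is that the server and the user's browser each compute the same per-user, per-transaction abstract image from material only the two of them share, so the user only has to check that the two images match. The following is an added illustration, not code from the paper or its Firefox extension: it assumes a pre-shared secret (the page does not describe how the real scheme establishes its shared key during login) and uses HMAC-SHA256 as the image-derivation function. The secret, user id and transaction ids are constructed sample values.

```python
"""
Added example of the "both sides compute the skin" idea.  ASSUMPTIONS not
taken from the page: a pre-shared secret between server and browser, and
HMAC-SHA256 (with HKDF-style counter expansion) as the derivation function.
The "image" is a small grid of RGB cells; a real skin would be rendered as
a picture, and the user, not code, would do the final visual comparison.
"""
import hashlib
import hmac

GRID = 4  # 4x4 cells, each an (r, g, b) triple: 48 bytes of derived material


def _expand(secret: bytes, context: bytes, length: int) -> bytes:
    """HKDF-style expansion: concatenate HMAC(secret, context || counter) blocks."""
    out = b""
    counter = 1
    while len(out) < length:
        out += hmac.new(secret, context + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def derive_skin(secret: bytes, user_id: str, transaction_id: str):
    """Return a GRID x GRID matrix of RGB cells bound to this user and transaction.

    Binding the transaction id into the context is what stops a skin captured
    from one session from being replayed by a look-alike site in another.
    """
    context = b"skin|" + user_id.encode() + b"|" + transaction_id.encode()
    material = _expand(secret, context, GRID * GRID * 3)
    cells = [tuple(material[i:i + 3]) for i in range(0, len(material), 3)]
    return [cells[r * GRID:(r + 1) * GRID] for r in range(GRID)]


def skins_match(a, b) -> bool:
    """Exact, constant-time comparison; stands in for the user's visual check."""
    flat_a = bytes(c for row in a for cell in row for c in cell)
    flat_b = bytes(c for row in b for cell in row for c in cell)
    return hmac.compare_digest(flat_a, flat_b)


def render(skin) -> str:
    """Coarse text rendering: one glyph per cell, chosen by cell brightness."""
    glyphs = " .:-=+*#%@"
    rows = []
    for row in skin:
        rows.append("".join(glyphs[(sum(c) // 3) * (len(glyphs) - 1) // 255] for c in row))
    return "\n".join(rows)


def demo() -> dict:
    """Three checks a browser implementing this idea would effectively perform."""
    shared = b"constructed-shared-secret"  # constructed; real scheme derives it at login
    server_skin = derive_skin(shared, "alice", "txn-0001")
    browser_skin = derive_skin(shared, "alice", "txn-0001")
    # A site that does not hold the secret can only guess at the derivation input.
    impostor_skin = derive_skin(b"not-the-secret", "alice", "txn-0001")
    # A skin observed in an earlier transaction does not carry over to a new one.
    earlier_skin = derive_skin(shared, "alice", "txn-0000")
    return {
        "legitimate_server": skins_match(server_skin, browser_skin),
        "site_without_secret": skins_match(server_skin, impostor_skin),
        "replayed_earlier_skin": skins_match(server_skin, earlier_skin),
    }


if __name__ == "__main__":
    print(render(derive_skin(b"constructed-shared-secret", "alice", "txn-0001")))
    print(demo())
```

The point the abstract makes about user burden shows up here as well: the user never memorises the skin, only compares the one the page displays against the one the browser rendered locally, and the same single comparison works for every server the browser shares a secret with.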