Augmenting Internet-Based Card Not Present Transactions with Trusted Computing (Extended Abstract)
Financial Cryptography and Data Security
e-EMV: emulating EMV for internet payments with trusted computing technologies
Proceedings of the 3rd ACM workshop on Scalable trusted computing
On-board credentials with open provisioning
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
TruWallet: trustworthy and migratable wallet-based web authentication
Proceedings of the 2009 ACM workshop on Scalable trusted computing
Trusted computing: special aspects and challenges
SOFSEM'08 Proceedings of the 34th conference on Current trends in theory and practice of computer science
Trusted computing enhanced user authentication with OpenID and trustworthy user interface
International Journal of Internet Technology and Secured Transactions
TruWalletM: secure web authentication on mobile platforms
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Hi-index | 0.00 |
Identity theft through phishing attacks has become a major concern for Internet users. Typically, phishing attacks aim at luring the user to a faked web site to disclose personal information. Existing solutions proposed against this kind of attack can, however, hardly counter the new generation of sophisticated malware phishing attacks, e.g., pharming Trojans, designed to target certain services. This paper aims at making the first steps towards the design and implementation of a security architecture that prevents both classical and malware phishing attacks. Our approach is based on the ideas of compartmentalization for isolating applications of different trust level, and a trusted wallet for storing credentials and authenticating sensitive services. Once the wallet has been setup in an initial step, our solution requires no special care from users for identifying the right web sites while the disclosure of credentials is strictly controlled. Moreover, a prototype of the basic platform exists and we briefly describe its implementation.