The Game of Phishing

Joseph Kilcullen

 Moylurg, Foxford Road, Ballina, Co. Mayo, F26 D9D2, Ireland. 

ABSTRACT 

The current implementation of TLS involves your browser displaying a padlock, and a green bar, after successfully verifying the digital signature on the TLS certificate. Proposed is a solution where your browser's response to successful verification of a TLS certificate is to display a login window. That login window displays the identity credentials from the TLS certificate, to allow the user to authenticate Bob. It also displays a 'user-browser' shared secret i.e. a specific picture from your hard disk. This is not SiteKey, the image is shared between the computer user and their browser. It is never transmitted over the internet. Since sandboxed websites cannot access your hard disk this image cannot be counterfeited by phishing websites. Basically if you view the installed software component of your browser as an actor in the cryptography protocol, then the solution to phishing attacks is classic cryptography, as documented in any cryptography textbook. 

KEYWORDS

 Game theory, phishing, authentication, cryptography

Comments

Post a Comment

Popular posts from this blog

Implementation of a New Methodology to Reduce the Effects of Changes of Illumination in Face Recognition-based Authentication Andres

Image
Implementation of a New Methodology to Reduce the Effects of Changes of Illumination in Face Recognition-based Authentication Andres  Alarcon-Ramirez, and Mohamed F. Chouikha  Department of Electrical Engineering, Howard University, Washington DC ABSTRACT   In this paper, the study of the effects of illumination changes in the process of face recognition is discussed. Additionally, a new methodology that integrates Single-Scale Retinex (SSR) and Scale Invariant Feature Transform (SIFT) is presented. The proposed methodology addresses the problem of illumination changes in face recognition-based authentication systems. To do this, the SSR transform eliminates the component of luminance from the face image and recovers the reflectance component which is invariant to illumination changes; then, the SIFT transform detects interest points from the reflectance component of the face image. The interest points are features rich in information and may be used to ...
Read more

A DEFENSE MECHANISM FOR CREDIT CARD FRAUD DETECTION

Image
A DEFENSE MECHANISM FOR CREDIT CARD FRAUD DETECTION   M.Sasirekha , Sumaiya Thaseen   and Saira Banu School of Computing Science and Engineering, VIT University, Tamil Nadu, India. ABSTRACT Computer security is one of the key areas where lot of research is being done. Many intrusion detection techniques are proposed to ensure the network security, protect network resources and network infrastructures. Intrusion detection systems (IDS) attempt to detect attacks by gathering network data and analyze the information from various areas to identify the possible intrusions. This paper proposes a defense mechanism combining three approaches such as anomaly, misuse and decision making model to produce better detection accuracy and a decreased false positive rate. The defense mechanism can be built to detect the attacks in credit card system using Hidden Markov approach in the anomaly detection module. The credit card holder’s behaviours are taken as attributes and t...
Read more

DYNAMIC VALIDITY PERIOD CALCULATION OF DIGITAL CERTIFICATES BASED ON AGGREGATED SECURITY ASSESSMENT

Image
DYNAMIC VALIDITY PERIOD CALCULATION OF DIGITAL CERTIFICATES BASED ON AGGREGATED SECURITY ASSESSMENT  Alexander Beck, Jens Graupmann, Frank Ortmeier Computer Systems in Engineering, Otto-von-Guericke-University, Magdeburg, Germany  ABSTRACT  The paper proposes a method based on different security-related factors to dynamically calculate the validity period of digital certificates. Currently validity periods are most often defined statically without scientific justification. This approach is not sufficient to objectively consider the actual need for security. Therefore the approach proposed in this paper considers relevant security criteria in order to calculate a meaningful validity period for digital certificates. This kind of security assessment can be executed periodically in order to dynamically respond to changing conditions. Especially in the context of complex systems and infrastructures that have an increased need for security, privacy and availab...
Read more