PHISHPIN: AN INTEGRATED, IDENTITY-BASED ANTI-PHISHING APPROACH

被引:0
|
作者
Tout, Hicham [1 ]
机构
[1] Nova SE Univ, Sch Comp & Informat Sci, Ft Lauderdale, FL 33314 USA
来源
SECRYPT 2009: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY | 2009年
关键词
Phishing; Spam; Information security; Identity theft; Social engineering; Encryption; Hash algorithms; One time password; Digital certificates; Online scams; Web; Pharming;
D O I
暂无
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Phishing is a social engineering technique used to fraudulently acquire sensitive information from users by masquerading as a legitimate entity. One of the primary goals of phishing is to illegally carry fraudulent financial transactions on behalf of users. The two primary vulnerabilities exploited by phishers are: Inability of non-technical/unsophisticated users to always identify spoofed emails or Web sites; and the relative ease with which phishers masquerade as legitimate Web sites. This paper presents Phishpin, an approach that leverages the concepts of mutual authentication to require online entities to prove their identities. To this end, Phishpin builds on One-Time-Password, DNS, partial credentials sharing, & client filtering to prevent phishers from masquerading as legitimate online entities.
引用
收藏
页码:369 / 374
页数:6
相关论文
共 50 条
  • [31] Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
    Gupta, Srishti
    Kumaraguru, Ponnurangam
    PROCEEDINGS OF THE 2014 APWG SYMPOSIUM ON ELECTRONIC CRIME RESEARCH (ECRIME), 2014,
  • [32] An Evaluation of Users' Anti-Phishing Knowledge Retention
    Alnajim, Abdullah
    Munro, Malcolm
    2009 INTERNATIONAL CONFERENCE ON INFORMATION MANAGEMENT AND ENGINEERING, PROCEEDINGS, 2009, : 210 - 214
  • [33] A Novel Anti-phishing Effectiveness Evaluator Model
    Sankhwar, Shweta
    Pandey, Dhirendra
    Khan, R. A.
    INFORMATION AND COMMUNICATION TECHNOLOGY FOR INTELLIGENT SYSTEMS (ICTIS 2017) - VOL 2, 2018, 84 : 610 - 618
  • [34] SEFAP: An email system fox anti-phishing
    Ren, Qiong
    Mu, Yi
    Susilo, Willy
    6TH IEEE/ACIS INTERNATIONAL CONFERENCE ON COMPUTER AND INFORMATION SCIENCE, PROCEEDINGS, 2007, : 782 - +
  • [35] POSTER: Proactive Blacklist Update for Anti-Phishing
    Lee, Lung-Hao
    Lee, Kuei-Ching
    Chen, Hsin-Hsi
    Tseng, Yuen-Hsien
    CCS'14: PROCEEDINGS OF THE 21ST ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2014, : 1448 - 1450
  • [36] SPP: An anti-phishing single password protocol
    Gouda, Mohamed G.
    Liu, Alex X.
    Leung, Lok M.
    Alam, Mohamed A.
    COMPUTER NETWORKS, 2007, 51 (13) : 3715 - 3726
  • [37] Model for Analysing Anti-Phishing Authentication Ceremonies
    Hatunic-Webster, Edina
    Mtenzi, Fred
    O'Shea, Brendan
    2014 9TH INTERNATIONAL CONFERENCE FOR INTERNET TECHNOLOGY AND SECURED TRANSACTIONS (ICITST), 2014, : 144 - 150
  • [38] Survey of Anti-phishing Tools with Detection Capabilities
    Zeydan, Hiba Zuhair
    Selamat, Ali
    Salleh, Mazleena
    2014 INTERNATIONAL SYMPOSIUM ON BIOMETRICS AND SECURITY TECHNOLOGIES (ISBAST), 2014, : 214 - 219
  • [39] Website Risk Assessment System for Anti-Phishing
    Kim, Young-Gab
    Cha, Sungdeok
    FUTURE INFORMATION TECHNOLOGY, PT II, 2011, 185 : 131 - 138
  • [40] Interface Design Elements for Anti-phishing Systems
    Chen, Yan
    Zahedi, Fatemeh
    Abbasi, Ahmed
    SERVICE-ORIENTED PERSPECTIVES IN DESIGN SCIENCE RESEARCH: 6TH INTERNATIONAL CONFERENCE, 2011, 6629 : 253 - 265
12345