Phoolproof Phishing Prevention

Parno, Bryan; Kuo, Cynthia; Perrig, Adrian

doi:10.1007/11889663_1

Cited by 141 publications

(96 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Mobile-assisted authentication schemes [7,22,23,27] have been proposed to protect the user from stealing the password on an insecure computer or from phishing attacks. In these diagrams, it is assumed that mobile devices are reliable and capable of performing certain computer operations such as hashing.…”

Section: Related Workmentioning

confidence: 99%

“…The password is the actual method for web authentication [1]. However, it cannot provide sufficient protection for password authentication only, because the mechanism is prone to many attacks such as shoulder surfing attack [2], brute force password guessing attack [3][4][5], man in the middle (MITM) attack [6] and phishing attack [7,8].…”

Section: Introductionmentioning

confidence: 99%

“…At this point, although special hardware-based TFA solutions (e.g., SecurID and smart card) have been introduced long ago, they have not been widely used yet. With the advancement of mobile computing technologies in the past decade, TFA systems supported by many mobile devices have been proposed [7,[21][22][23]; in addition to encryption, reliable mobile device support has become a secondary factor. TFA systems have been developed that are used in SMS-based (e.g., [24,25]) and software-based (e.g., [26]) mobile phones, especially smartphones.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

The implementation of two-factor web authentication system based on facial recognition

Zavrak¹,

Yılmaz²,

Bodur³

et al. 2017

GJCS

View full text Add to dashboard Cite

The security of the web is a very important issue, because every day we make a variety of operations in it, for different reasons, during the day. Apart from protecting the information, contacts, accounts and data on the web, such data should be inaccessible to third-party persons. This in turn depends on the success of the authentication process performed on the individual web. With authentication, it is possible for users to protect their information and make their transactions only for themselves. However, the authentication mechanism used at this point must have a high level of safety. With the purpose to damage a person's privacy and access account information and gain profit in this way, many malicious persons have developed various methods of attacks to bypass authentication mechanisms. These methods sometimes succeed on a variety of authentication mechanisms, and put users and relevant websites into a difficult situation, and may even damage them in a variety of aspects. In order to protect personal information on the web system and provide the security of transactions carried out at a high level, in this study, we propose a two-factor authentication mechanism based on facial recognition. Besides, we discuss some implementation details about the proposed method. The proposed method aims to bring a new approach to the authentication system to perform our online process with the highest security. In addition to the standard authentication systems, using face recognition as a secondary level of security will contribute to the emergence of a new authentication mechanism.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

The implementation of two-factor web authentication system based on facial recognition

Zavrak¹,

Yılmaz²,

Bodur³

et al. 2017

GJCS

View full text Add to dashboard Cite

show abstract

“…However, the idea of using a personal (mobile) device to improve security in practice has been studied in several previous papers. In [18], Parno et al use a mobile phone to set up secure SSL/TLS connections and in [15], Mannan and Oorschot use a personal device to improve security of password authentication. Both solutions basically aim to do user authentication with improved security, in particular to protect against key-logging and phising.…”

Section: Related Workmentioning

confidence: 99%

On the Theory and Practice of Personal Digital Signatures

Damgård

Mikkelsen

2009

Public Key Cryptography – PKC 2009

View full text Add to dashboard Cite

Abstract. We take a step towards a more realistic modeling of personal digital signatures, where a human user, his mobile equipment, his PC and a server are all considered as independent players in the protocol, and where only the human user is assumed incorruptible. We then propose a protocol for issuing digital signatures on behalf of the user. This protocol is proactively UC-secure assuming at most one player is corrupted in every operational phase. In more practical terms, this means that one can securely sign using terminals (PC's) that are not necessarily trusted, as long as the mobile unit and the PC are not both corrupted at the same time. In other words, our solution cannot be broken by phising or key-logging via the PC. The protocol allows for mobile units with very small computing power by securely outsourcing computation to the PC and also allows usage of any PC that can communicate properly. Finally, we report on the results of a prototype implementation of our solution.

show abstract

“…한편, 피싱/파밍을 방지하기 위한 많은 기술적인 연 구들이 있어 왔다 [3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18] . ② Portal site should provide bank site registration menu on a user account window.…”

unclassified

Countermeasures Against Phishing/Pharming via Portal Site for General Users

Kim¹,

Kang

Kim³

2015

The Journal of Korean Institute of Communications and Informati

View full text Add to dashboard Cite

The number of phishing/pharming attacks occurring has increased and consequently, the number of studies on anti-phishing/pharming has also increased. The target sites of phishing/pharming are financial sites, and these have a low connection rate compared to those of portal sites. In this paper, we propose an anti-phishing/pharming method that uses a portal site as a stopover. The proposed method is based on the reliability of portal sites.This method is intended for general users rather than for professional users or developers. We also analyze the safety of the proposed method by separating the method into sub components of module safety assumption.

show abstract

Phoolproof Phishing Prevention

Cited by 141 publications

References 14 publications

The implementation of two-factor web authentication system based on facial recognition

The implementation of two-factor web authentication system based on facial recognition

On the Theory and Practice of Personal Digital Signatures

Countermeasures Against Phishing/Pharming via Portal Site for General Users

Contact Info

Product

Resources

About