Trusted paths for browsers

Ye, Zishuang; Smith, Sean W.; Anthony, Denise L.

doi:10.1145/1065545.1065546

Cited by 96 publications

(88 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These approaches seek to detect known good sites. Some whitelisting approaches use server side validation to add additional authentication metrics to client browsers as a proof of its benign nature, for examples, dynamic security skins [7]; trust bar [8] and SRD ("Synchronized Random Dynamic Boundaries") [9].…”

Section: Related Workmentioning

confidence: 99%

Phishing Websites Detection Using Data Mining Classification Model

Jabri

Ibrahim

2015

TMLAI

View full text Add to dashboard Cite

Phishing is a significant security threat to the Internet; it is an electronic online identity theft in which the attackers use spoofing techniques like fake websites that mimic legal websites to trick users into revealing their private information. Many of successful phishing attacks do exist and subsequently a considerable number of anti-phishing methods have been proposed. However, they vary in terms of their accuracy and error rate. This paper proposes an algorithm for phishing websites detection using data mining classification model. It is implemented and experimented using a dataset composed of 20 different webpage features and 1,000 instances. The experimental results showed that the proposed algorithm outperforms the original one in terms of the number of classification rules, accuracy (87%) and less error rate (0.1 %).

show abstract

Section: Related Workmentioning

confidence: 99%

Phishing Websites Detection Using Data Mining Classification Model

Jabri

Ibrahim

2015

TMLAI

View full text Add to dashboard Cite

show abstract

“…d) Dynamic security skins. Anti-phishing techniques such as synchronized random dynamic boundary [48] and dynamic security skins [15] can be used as a means to identify an authentic server, and to communicate success/failure messages to a client browser. Note that, Uvauth's security does not require these visual cues to be 100% reliable, or always correctly matched by users; they simply provide an additional channel for session verification.…”

Section: Additional Login Help For Legitimate Usersmentioning

confidence: 99%

Explicit authentication response considered harmful

Zhao

Mannan

2013

Proceedings of the 2013 New Security Paradigms Workshop

View full text Add to dashboard Cite

Automated online password guessing attacks are facilitated by the fact that most user authentication techniques provide a yes/no answer as the result of an authentication attempt. These attacks are somewhat restricted by Automated Turing Tests (ATTs, e.g., captcha challenges) that attempt to mandate human assistance. ATTs are not very difficult for legitimate users, but always pose an inconvenience. Several current ATT implementations are also found to be vulnerable to improved image processing algorithms. ATTs can be made more complex for automated software, but that is limited by the trade-off between user-friendliness and effectiveness of ATTs. As attackers gain control of large-scale botnets, relay the challenge to legitimate users at compromised websites, or even have ready access to cheap, sweat-shop human solvers for defeating ATTs, online guessing attacks are becoming a greater security risk. Using deception techniques (as in honeypots), we propose the user-verifiable authentication scheme (Uvauth) that tolerates, instead of detecting or counteracting, guessing attacks. Uvauth provides access to all authentication attempts; the correct password enables access to a legitimate session with valid user data, and all incorrect passwords lead to fake sessions. Legitimate users are expected to learn the authentication outcome implicitly from the presented user data, and are relieved from answering ATTs; the authentication result never leaves the server and thus remains (directly) inaccessible to attackers. In addition, we suggest using adapted distorted images and pre-registered images/text as a complement to convey an authentication response, especially for accounts that do not host much personal data.

show abstract

“…The first approach focuses on building tools or toolbars to enhance the security of a login process. Ye and Smith [30] designed a prototype of "Trusted Path" to convey relevant trust signals from a web browser to a human user. Dhamija and Tygar [5] proposed "Dynamic Security Skins" to allow a legitimate web site to prove its identity in a way that is easy for a user to verify but hard for a phisher to spoof.…”

Section: Related Workmentioning

confidence: 99%

Anti-Phishing in Offense and Defense

Yue

Wang

2008

2008 Annual Computer Security Applications Conference (ACSAC)

View full text Add to dashboard Cite

Many anti-phishing mechanisms currently focus on helping users verify whether a web site is genuine. However, usability studies have demonstrated that prevention-based approaches alone fail to effectively suppress phishing attacks and protect Internet users from revealing their credentials to phishing sites. In this paper, instead of preventing human users from "biting the bait", we propose a new approach to protect against phishing attacks with "bogus bites". We develop BogusBiter, a unique client-side antiphishing tool, which transparently feeds a relatively large number of bogus credentials into a suspected phishing site. BogusBiter conceals a victim's real credential among bogus credentials, and moreover, it enables a legitimate web site to identify stolen credentials in a timely manner. Leveraging the power of client-side automatic phishing detection techniques, BogusBiter is complementary to existing preventive anti-phishing approaches. We implement BogusBiter as an extension to Firefox 2 web browser, and evaluate its efficacy through real experiments on both phishing and legitimate web sites.

show abstract

Trusted paths for browsers

Cited by 96 publications

References 10 publications

Phishing Websites Detection Using Data Mining Classification Model

Phishing Websites Detection Using Data Mining Classification Model

Explicit authentication response considered harmful

Anti-Phishing in Offense and Defense

Contact Info

Product

Resources

About