35 Hits in 0.83 sec

Phoolproof Phishing Prevention [chapter]

Bryan Parno, Cynthia Kuo, Adrian Perrig
2006 Lecture Notes in Computer Science  
Phishing, or web spoofing, is a growing problem: the Anti-Phishing Working Group (APWG) received almost 14,000 unique phishing reports in August 2005, a 56% jump over the number of reports in December  ...  For financial institutions, phishing is a particularly insidious problem, since trust forms the foundation for customer relationships, and phishing attacks undermine confidence in an institution.  ...  Instead, we need to research fundamental approaches for preventing phishing.  ... 
doi:10.1007/11889663_1 fatcat:zsolxhqydvhmtdobi2gkjl5f4u

Preventing Web-Spoofing with Automatic Detecting Security Indicator [chapter]

Fang Qi, Feng Bao, Tieyan Li, Weijia Jia, Yongdong Wu
2006 Lecture Notes in Computer Science  
Bryan Parno, Adrian Perrig, Cynthia Kuo Phoolproof Phishing Prevention.  ...  , Modeling and Preventing Phishing Attacks.  ...  We proposed an approach-ADSI on preventing web spoofing with the weakest security assumption, which is secure, efficient and easy to use.  ... 
doi:10.1007/11689522_11 fatcat:czco4eoz6rg3dlefurvq73tjom

M-Pass: Web Authentication Protocol Resistant to Malware and Phishing

Ajinkya S.Yadav, A. K. Gupta
2014 International Journal of Computer Applications  
Another possible risky attacks are related to phishing, malware and key loggers etc.  ...  On the contrary, some research represents different approaches to prevent phishing attacks.  ...  Users who adopt m-Pass are guaranteed to prevention of phishing attacks. 3) Password Reuse Prevention and Weak Password Avoidance-m-Pass achieves one-time password approach.  ... 
doi:10.5120/16010-4744 fatcat:ldnlpppm2rgpxnxrayw2ad4qky

Secured Password Technique Using Devices

Mekha Mariyam Thomas
2014 IOSR Journal of Computer Engineering  
This reduces the negative influence of human factors compared to previous schemes, and is the first user authentication protocol to prevent password stealing (i.e., phishing, keylogger, and malware) and  ...  also prevent password reuse attacks simultaneously.  ...  Prevents Needed Phoolproof Prevents Prevents Needed M.wu Prevents Prevents Needed Needed Proposed System Prevents Prevents Prevents Needed Needed  ... 
doi:10.9790/0661-16585660 fatcat:nfbx7p2rdfeqlbcpli3wbuihre

A Survey on One Time Password

2016 International Journal of Science and Research (IJSR)  
To decrease the harm caused by phishing and other attacks, banks, governments, and other industries are deploying One-Time Password systems.  ...  Perrig, have proposed a mutual authentication system named Phoolproof, prevention against phishing attack.  ...  This prevents some forms of identity theft by making sure that captured username/password cannot be used second time.  ... 
doi:10.21275/v5i3.nov161818 fatcat:5md7lo6sxnagzfbemht22qa6by

Leveraging personal devices for stronger password authentication from untrusted computers*

Mohammad Mannan, P.C. van Oorschot
2011 Journal of Computer Security  
On the other hand, several authentication schemes which use a trusted personal device, generally prevent keyloggers, but do not help against phishing or session hijacking attacks.  ...  Most existing or proposed techniques are susceptible to these new attacks, including e.g., Phoolproof [53] and two-factor authentication such as a password and a passcode generator token (e.g., SecurID  ...  We thank anonymous referees for their constructive comments which improved the presentation of this work, Bryan Parno for allowing us to access and build on source code of his Phoolproof [53] implementation  ... 
doi:10.3233/jcs-2010-0412 fatcat:s2jyai2n5fh2hcfr7sge7m2pmm

Countermeasures Against Phishing/Pharming via Portal Site for General Users
일반 사용자를 위한 포털 사이트 경유 피싱/파밍 방지 방안

Soyoung Kim, Ji-yoon Kang, Yoonjeong Kim
2015 The Journal of Korean Institute of Communications and Information Sciences  
ABSTRACT The number of phishing/pharming attacks occurring has increased and consequently, the number of studies on anti-phishing/pharming has also increased.  ...  The target sites of phishing/pharming are financial sites, and these have a low connection rate compared to those of portal sites.  ...  [6, 7] • a comprehensive method including phishing site detection 2.2 prevention of URL spoofingphishing [8] • a comprehensive method including prevention of url-spoofing-phishing 2.3 Cognitive approach  ... 
doi:10.7840/kics.2015.40.6.1107 fatcat:san5ms6qpzbu3ffk2bgocmdrw4

I Bought a New Security Token and All I Got Was This Lousy Phish—Relay Attacks on Visual Code Authentication Schemes [chapter]

Graeme Jenkinson, Max Spencer, Chris Warrington, Frank Stajano
2014 Lecture Notes in Computer Science  
Parno, Kuo and Perrig's "Phoolproof Phishing Prevention" [16] uses a trusted mobile device to mutually authenticate with remote services from an untrusted terminal, the main objective being to prevent  ...  Secure bookmarks As the session phishing attacks presented in this paper rely on the user scanning a relayed visual code, they can, of course, be prevented using a different sort of authentication scheme  ... 
doi:10.1007/978-3-319-12400-1_19 fatcat:gv7gcn3kazanrg57sbr7m4mrva

Secure, Consumer-Friendly Web Authentication and Payments with a Phone [chapter]

Ben Dodson, Debangsu Sengupta, Dan Boneh, Monica S. Lam
2012 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
Phoolproof [20] is designed as an anti-phishing authentication mechanism. With Phoolproof, Parno et al. require custom software on the PC as well as a bluetooth connection.  ...  Snap2Pass clearly prevents offline phishing since the phisher does not obtain a credential that can be used or sold.  ... 
doi:10.1007/978-3-642-29336-8_2 fatcat:wcjpwhvwrjgm5dxbleaf5kzbr4

Anti-Phishing in Offense and Defense

Chuan Yue, Haining Wang
2008 2008 Annual Computer Security Applications Conference (ACSAC)  
Leveraging the power of client-side automatic phishing detection techniques, BogusBiter is complementary to existing preventive anti-phishing approaches.  ...  However, usability studies have demonstrated that prevention-based approaches alone fail to effectively suppress phishing attacks and protect Internet users from revealing their credentials to phishing  ...  Researchers have also sought to develop non-preventive anti-phishing approaches.  ... 
doi:10.1109/acsac.2008.32 dblp:conf/acsac/YueW08 fatcat:fxo6hquwtrdrpa7yoxmmi3sctq

Authentication Mechanism for Resistance to Password Stealing and Reuse Attack [article]

Sharayu A. Aghav, RajneeshKaur Bedi
2014 arXiv   pre-print
., phishing, key logging and malwares). The purpose of this system is to introduce the concept and methodology which helps organization and users to implement stronger password policies.  ...  TABLE I I System Attack Prevention Session hijacking Phishing Key-logging Password reuse DNS spoofing Malware prevention Our system oPass [1] MP- Auth [4] Phool Proof [2] Secure Web[3]  ...  Compared with earlier methods, the user authentication protocol effectively prevents password stealing (i.e., phishing, key logger) and reuse attacks.  ... 
arXiv:1402.6497v1 fatcat:wodzqqmjfzfwrcvzmvumtqn35e


Chuan Yue, Haining Wang
2010 ACM Transactions on Internet Technology  
Leveraging the power of client-side automatic phishing detection techniques, BogusBiter is complementary to existing preventive anti-phishing approaches.  ...  However, usability studies have demonstrated that prevention-based approaches alone fail to effectively suppress phishing attacks and protect Internet users from revealing their credentials to phishing  ...  Parno et al. [2006] proposed a Phoolproof anti-phishing mechanism.  ... 
doi:10.1145/1754393.1754395 fatcat:izxe5ydanjeghnbcqudx3sb5ly

CamAuth: Securing Web Authentication with Camera

Mengjun Xie, Yanyan Li, Kenji Yoshigoe, Remzi Seker, Jiang Bian
2015 2015 IEEE 16th International Symposium on High Assurance Systems Engineering  
In this paper, we present CamAuth, a web authentication scheme that exploits pervasive mobile devices and digital cameras to counter various password attacks including man-in-the-middle and phishing attacks  ...  Both Phoolproof and MP-Auth require wireless connection and wellimplemented SSL/TLS.  ...  Phoolproof [7] is a public-key based scheme for strengthening bank transaction system.  ... 
doi:10.1109/hase.2015.41 dblp:conf/hase/XieLYSB15 fatcat:ei4xilqqwbfcdjrrjhko6h2kze

Modeling Human Errors in Security Protocols

David Basin, Saa Radomirovic, Lara Schmid
2016 2016 IEEE 29th Computer Security Foundations Symposium (CSF)  
For example, many people are fooled by phishing attacks into simply giving away their secret credentials.  ...  A guideline that prevents the execution of the protocol leads therefore to a trivially satisfied authentication claim.  ... 
doi:10.1109/csf.2016.30 dblp:conf/csfw/BasinRS16 fatcat:sccvpgeovjekffsw7krq7iqaxa

The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes

Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano
2012 2012 IEEE Symposium on Security and Privacy  
Mobile-Phone-based: Phoolproof Phoolproof Phishing Prevention [36] is another tokenbased design, but one in which the token is a mobile phone with special code and crypto keys.  ...  Phoolproof was conceived as a system to secure banking transactions against phishing, not as a password replacement.  ... 
doi:10.1109/sp.2012.44 dblp:conf/sp/BonneauHOS12 fatcat:eywl5wtbw5ectmcr4dolfxnku4
« Previous Showing results 1 — 15 out of 35 results