Defeating Active Phishing Attacks for Web-Based Transactions

Xin Luo, Tan Teik Guan
2007 International Journal of Information Security and Privacy  
Till now, the best defense against phishing is the use of two-factor authentication systems. Yet this protection is short-lived and comparatively weak. The absence of a fool-proof solution against man-in-the-middle, or active phishing, attacks has resulted in an avalanche of security practitioners painting bleak scenarios where active phishing attacks cripple the growth of Web-based transactional systems. Even with vigilant users and prudent applications, no solutions seem to have addressed ... attacks comprehensively. In this article, we propose the new two-factor interlock authentication protocol (TIAP), adapted from the interlock protocol with two-factor authentication, which is able to defend successfully against active phishing attacks. We further scrutinize the TIAP by simulating a series of attacks against the protocol and demonstrate how each attack is defeated.
doi:10.4018/jisp.2007070104 fatcat:35hmnkpvebhsbmireduuofdizy