Insecure Real-World Authentication Protocols (or Why Phishing Is So Profitable)

نویسنده

  • Richard Clayton
چکیده

The users of online banking systems are currently at risk from “phishing” scams. Confidence tricksters persuade them to visit fraudulent websites and use their authentication credentials to steal from the victims’ accounts. We analyse the authentication protocols used for online banking, find that they are entirely inadequate, and consider how to improve systems design so as to discourage attacks.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

On the Evolution of Adversary Models in Security Protocols (or Know Your Friend and Foe Alike)

Discussion p. 60 PIN (and Chip) or Signature: Beating the Cheating? p. 69 Discussion p. 76 Insecure Real-World Authentication Protocols (or Why Phishing Is So Profitable) p. 82 Discussion p. 89 Authorisation Subterfuge by Delegation in Decentralised Networks p. 97 Discussion p. 103 Multi-channel Protocols p. 112 Discussion p. 128 Combining Crypto with Biometrics: A New Human-Security Interface ...

متن کامل

Hash-Based Password Authentication Protocol Against Phishing and Pharming Attacks

Until now, although many researchers proposed a variety of authentication protocol to verify the identity of the clients, most of these protocols are inefficient and ineffective. Gouda et al. proposed an anti-phishing single password protocol, but it is vulnerable to pharming attacks. In this paper, we show that the protocol is insecure, and propose a hash-based password authentication protocol...

متن کامل

Online Banking Security

I nternet banking is increasingly popular both in Norway and elsewhere. Banks have actively encouraged this cost-saving trend by persuading customers to sign up. Customers, attracted by online banking’s convenience, seem largely unconcerned about identity theft and phishing email scams. In fact, most customers seem to believe that Internet banking is quite safe simply because their banks told t...

متن کامل

The Identity Metasystem: A User-Centric, Inclusive Web Authentication Solution

1. The Web’s Problems are often Identity Problems Many of the problems facing the Web today stem from the lack of a widely deployed, easily understood, secure identity solution. Microsoft’s “InfoCard” project and the Identity Metasystem vision underlying it are aimed at filling this gap using technology that all can adopt and with solutions that all can endorse, putting users in control of thei...

متن کامل

Data Shield Algorithm (DSA) for Security against Phishing Attacks

The World Wide Web provides every internet citizen with voluminous and heterogeneous data. Therefore, it becomes an essential to mine this available data to make it presentable, useful, and pertinent to a particular problem. Web mining deals with the extraction of these interesting patterns and developing useful abstracts from diversified sources. To improve the security of Web services one wou...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2005