International Conference on Information Systems Security

ICISS 2007: Information Systems Security pp 254-258

A Zero Knowledge Password Proof Mutual Authentication Technique Against Real-Time Phishing Attacks

  • Mohsen Sharifi
  • Alireza Saberi
  • Mojtaba Vahidi
  • Mohammad Zorufi
Conference paper

DOI: 10.1007/978-3-540-77086-2_20

Volume 4812 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Sharifi M., Saberi A., Vahidi M., Zorufi M. (2007) A Zero Knowledge Password Proof Mutual Authentication Technique Against Real-Time Phishing Attacks. In: McDaniel P., Gupta S.K. (eds) Information Systems Security. ICISS 2007. Lecture Notes in Computer Science, vol 4812. Springer, Berlin, Heidelberg

Abstract

Phishing attack is a kind of identity theft trying to steal confidential data. Existing approaches against phishing attacks cannot prevent real-time phishing attacks. This paper proposes an Anti-Phishing Authentication (APA) technique to detect and prevent real-time phishing attacks. It uses 2-way authentication and zero-knowledge password proof. Users are recommended to customize their user interfaces and thus defend themselves against spoofing. The proposed technique assumes the preexistence of a shared secret key between any two communicating partners, and ignores the existence of any malware at client sides.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Mohsen Sharifi
    • 1
  • Alireza Saberi
    • 1
  • Mojtaba Vahidi
    • 1
  • Mohammad Zorufi
    • 1
  1. 1.Computer Engineering Department, Iran University of Science and Technology