A Zero Knowledge Password Proof Mutual Authentication Technique Against Real-Time Phishing Attacks
- Cite this paper as:
- Sharifi M., Saberi A., Vahidi M., Zorufi M. (2007) A Zero Knowledge Password Proof Mutual Authentication Technique Against Real-Time Phishing Attacks. In: McDaniel P., Gupta S.K. (eds) Information Systems Security. ICISS 2007. Lecture Notes in Computer Science, vol 4812. Springer, Berlin, Heidelberg
Phishing attack is a kind of identity theft trying to steal confidential data. Existing approaches against phishing attacks cannot prevent real-time phishing attacks. This paper proposes an Anti-Phishing Authentication (APA) technique to detect and prevent real-time phishing attacks. It uses 2-way authentication and zero-knowledge password proof. Users are recommended to customize their user interfaces and thus defend themselves against spoofing. The proposed technique assumes the preexistence of a shared secret key between any two communicating partners, and ignores the existence of any malware at client sides.
Unable to display preview. Download preview PDF.