A Zero Knowledge Password Proof Mutual Authentication Technique Against Real-Time Phishing Attacks
Phishing is a form of identity theft that aims to steal confidential data. Existing approaches against phishing cannot prevent real-time phishing attacks. This paper proposes an Anti-Phishing Authentication (APA) technique to detect and prevent real-time phishing attacks. It uses two-way authentication and a zero-knowledge password proof. Users are advised to customize their user interfaces and thus defend themselves against spoofing. The proposed technique assumes that a shared secret key already exists between any two communicating partners, and it does not consider malware on the client side.