The Phish-Market Protocol: Securely Sharing Attack Data between Competitors

  • Tal Moran
  • Tyler Moore
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6052)

Abstract

A key way in which banks mitigate the effects of phishing is to remove fraudulent websites or suspend abusive domain names. This ‘take-down’ is often subcontracted to specialist firms. Prior work has shown that these take-down companies refuse to share ‘feeds’ of phishing website URLs with each other, and consequently, many phishing websites are not removed because the firm with the take-down contract remains unaware of their existence. The take-down companies are reticent to exchange feeds, fearing that competitors with less comprehensive lists might ‘free-ride’ off their efforts by not investing resources to find new websites, as well as use the feeds to poach clients. In this paper, we propose the Phish-Market protocol, which enables companies with less comprehensive feeds to learn about websites impersonating their own clients that are held by other firms. The protocol is designed so that the contributing firm is compensated only for those websites affecting its competitor’s clients and only those previously unknown to the receiving firm. Crucially, the protocol does not reveal to the contributing firm which URLs are needed by the receiver, as this is viewed as sensitive information by take-down firms. Using complete lists of phishing URLs obtained from two large take-down companies, our elliptic-curve-based implementation added a negligible average 5 second delay to securely share URLs.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols. In: STOC 1990, pp. 503–513. ACM Press, New York (1990)CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Micali, S.: Non-interactive oblivious transfer and applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 547–557. Springer, Heidelberg (1990)Google Scholar
  3. 3.
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for noncryptographic fault-tolerant distributed computations. In: STOC 1988, pp. 1–10. ACM Press, New York (1988)CrossRefGoogle Scholar
  4. 4.
    Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)Google Scholar
  5. 5.
    Gal-Or, E., Ghose, A.: The economic incentives for sharing security information. Information Systems Research 16(2), 186–208 (2005)CrossRefGoogle Scholar
  6. 6.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game — A completeness theorem for protocols with honest majority. In: ACM (ed.) STOC 1987, pp. 218–229. ACM Press, New York (1987)CrossRefGoogle Scholar
  7. 7.
    Gordon, L., Loeb, M., Lucyshyn, W.: Sharing information on computer systems security: An economic analysis. Journal of Accounting and Public Policy 22(6), 461–485 (2003)CrossRefGoogle Scholar
  8. 8.
    Gordon, S., Ford, R.: When worlds collide: information sharing for the security and anti-virus communities, IBM research paper (1999)Google Scholar
  9. 9.
    Jakobsson, M., Myers, S. (eds.): Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft. Wiley, New York (2006)Google Scholar
  10. 10.
    Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay — a secure two-party computation system. In: USENIX Security Symposium, pp. 287–302 (2004)Google Scholar
  11. 11.
    Moore, T., Clayton, R.: Examining the impact of website take-down on phishing. In: Anti-Phishing Working Group eCrime Researchers Summit (APWG eCrime), pp. 1–13 (2007)Google Scholar
  12. 12.
    Moore, T., Clayton, R.: The consequence of non-cooperation in the fight against phishing. In: Anti-Phishing Working Group eCrime Researchers Summit (APWG eCrime), pp. 1–14 (2008)Google Scholar
  13. 13.
    Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: SODA 2001, pp. 448–457. Society for Industrial and Applied Mathematics, Philadelphia (2001)Google Scholar
  14. 14.
    NIST. Digital signature standard (DSS). FIPS 186-2 (January 2000), http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
  15. 15.
    Yao, A.C.-C.: How to generate and exchange secrets. In: FOCS 1986, pp. 162–167. IEEE Computer Society, Los Alamitos (1986)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Tal Moran
    • 1
  • Tyler Moore
    • 1
  1. 1.Center for Research on Computation & SocietyHarvard University 

Personalised recommendations