Abstract
Phishing and Web spoofing have proliferated and become a major nuisance on the Internet. The attacks are difficult to protect against, mainly because they target non-cryptographic components, such as the user or the user-browser interface. This means that cryptographic security protocols, such as the SSL/TLS protocol, do not provide a complete solution to tackle the attacks and must be complemented by additional protection mechanisms. In this paper, we summarize, discuss, and evaluate the effectiveness of such mechanisms against (large-scale) phishing and Web spoofing attacks.
Copyright information
© 2005 IFIP International Federation for Information Processing
About this paper
Cite this paper
Oppliger, R., Gajek, S. (2005). Effective Protection Against Phishing and Web Spoofing. In: Dittmann, J., Katzenbeisser, S., Uhl, A. (eds) Communications and Multimedia Security. CMS 2005. Lecture Notes in Computer Science, vol 3677. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11552055_4
DOI: https://doi.org/10.1007/11552055_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28791-9
Online ISBN: 978-3-540-31978-8
eBook Packages: Computer Science (R0)