Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information Systems Security

ICISS 2007: Information Systems Security pp 254–258Cite as

A Zero Knowledge Password Proof Mutual Authentication Technique Against Real-Time Phishing Attacks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4812))

Abstract

Phishing attack is a kind of identity theft trying to steal confidential data. Existing approaches against phishing attacks cannot prevent real-time phishing attacks. This paper proposes an Anti-Phishing Authentication (APA) technique to detect and prevent real-time phishing attacks. It uses 2-way authentication and zero-knowledge password proof. Users are recommended to customize their user interfaces and thus defend themselves against spoofing. The proposed technique assumes the preexistence of a shared secret key between any two communicating partners, and ignores the existence of any malware at client sides.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Chou, N., Ledesma, R., Teraguchi, Y., Mitchell, J.C.: Client-Side Defense against Web-Based Identity Theft. In: 11th Annual Network and Distributed System Security Symposium, San Diego, USA (February 2004)

    Google Scholar 

  2. Dhamija, R., Tygar, J.D., Hearst, M.: Why Phishing Works. In: CHI Conference on Human Factors in Computing Systems, Montreal, Canada (2006)

    Google Scholar 

  3. Kirda, E., Kruegel, C.: Protecting Users against Phishing Attacks with AntiPhish. In: 29th IEEE Annual International Computer Software and Applications Conference, UK (2005)

    Google Scholar 

  4. Anti-Phishing Working Group: Phishing Activity Trends Report (2005), http://antiphishing.org/reports/APWG_Phishing_Activity_Report_May_2005.pdf

  5. Anti-Phishing Working Group: Phishing Activity Trends Report (2006), http://antiphishing.org/reports/apwg_report_May2006.pdf

  6. Herzberg, A., Gbara, A.: TrustBar: Protecting Web Users from Spoofing and Phishing Attacks. Cryptology ePrint Archive, Report 2004/155 (2004), http://www.cs.biu.ac.il/~herzbea/TrustBar/

  7. Yee, K., Sitaker, K.: Passpet: Convenient Password Management and Phishing Protection. In: Second symposium on Usable privacy and security, Pittsburgh, Pennsylvania, USA (2006)

    Google Scholar 

  8. Jablon, D.: Strong Password-Only Authenticated Key Exchange Computer Communication Rev. ACM SIGCOMM 26, 5–26 (1996)

    Article  Google Scholar 

  9. Zhang, M.: Analysis of the SPEKE Password-Authenticated Key Exchange Protocol. Communications Letters 8(1), 63–65 (2004)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Engineering Department, Iran University of Science and Technology,  

    Mohsen Sharifi, Alireza Saberi, Mojtaba Vahidi & Mohammad Zorufi

Authors
  1. Mohsen Sharifi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alireza Saberi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mojtaba Vahidi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mohammad Zorufi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Patrick McDaniel Shyam K. Gupta

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sharifi, M., Saberi, A., Vahidi, M., Zorufi, M. (2007). A Zero Knowledge Password Proof Mutual Authentication Technique Against Real-Time Phishing Attacks. In: McDaniel, P., Gupta, S.K. (eds) Information Systems Security. ICISS 2007. Lecture Notes in Computer Science, vol 4812. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77086-2_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-77086-2_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77085-5

  • Online ISBN: 978-3-540-77086-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation