Abstract
The users of online banking systems are currently at risk from “phishing” scams. Confidence tricksters persuade them to visit fraudulent websites and use their authentication credentials to steal from the victims’ accounts. We analyse the authentication protocols used for online banking, find that they are entirely inadequate, and consider how to improve systems design so as to discourage attacks.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Clayton, R. (2007). Insecure Real-World Authentication Protocols (or Why Phishing Is So Profitable). In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2005. Lecture Notes in Computer Science, vol 4631. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77156-2_10
DOI: https://doi.org/10.1007/978-3-540-77156-2_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77155-5
Online ISBN: 978-3-540-77156-2
eBook Packages: Computer Science, Computer Science (R0)