Defeating Active Phishing Attacks for Web-Based Transactions

Xin Luo (Virginia State University, USA) and Tan Teik Guan (Data Security Systems Solutions Pte Ltd, Singapore)
Copyright: © 2007 | Pages: 14
DOI: 10.4018/jisp.2007070104

Abstract

Until now, the best defense against phishing has been the use of two-factor authentication systems. Yet this protection is short-lived and comparatively weak. The absence of a fool-proof solution against man-in-the-middle, or active phishing, attacks has resulted in an avalanche of security practitioners painting bleak scenarios where active phishing attacks cripple the growth of Web-based transactional systems. Even with vigilant users and prudent applications, no solutions seem to have addressed the attacks comprehensively. In this article, we propose the new two-factor interlock authentication protocol (TIAP), adapted from the interlock protocol with two-factor authentication, which is able to defend successfully against active phishing attacks. We further scrutinize the TIAP by simulating a series of attacks against the protocol and demonstrate how each attack is defeated.
