Defeating Active Phishing Attacks for Web-Based Transactions

Xin Luo; Tan Teik Guan

doi:10.4018/jisp.2007070104

Defeating Active Phishing Attacks for Web-Based Transactions

Xin Luo (Virginia State University, USA) and Tan Teik Guan (Data Security Systems Solutions Pte Ltd, Singapore)

Source Title: International Journal of Information Security and Privacy (IJISP) 1(3)

DOI: 10.4018/jisp.2007070104

OnDemand PDF Download:

$30.00

List Price: $37.50

Abstract

Till now, the best defense against phishing is the use of two-factor authentication systems. Yet this protection is short-lived and comparatively weak. The absence of a fool-proof solution against man-in-the-middle, or active phishing, attacks have resulted in an avalanche of security practitioners painting bleak scenarios where active phishing attacks cripple the growth of Web-based transactional systems. Even with vigilant users and prudent applications, no solutions seem to have addressed the attacks comprehensively. In this article, we propose the new two-factor interlock authentication protocol (TIAP), adapted from the interlock protocol with two-factor authentication, which is able to defend successfully against active phishing attacks. We further scrutinize the TIAP by simulating a series of attacks against the protocol and demonstrate how each attack is defeated.

Complete Article List

Search this Journal:

Reset

Open Access Articles: Forthcoming

Volume 13: 4 Issues (2019): Forthcoming, Available for Pre-Order

Volume 12: 4 Issues (2018): 2 Released, 2 Forthcoming

Volume 11: 4 Issues (2017)

Volume 10: 4 Issues (2016)

Volume 9: 4 Issues (2015)

Volume 8: 4 Issues (2014)

Volume 7: 4 Issues (2013)

Volume 6: 4 Issues (2012)

Volume 5: 4 Issues (2011)

Volume 4: 4 Issues (2010)

Volume 3: 4 Issues (2009)

Volume 2: 4 Issues (2008)

Volume 1: 4 Issues (2007)

View Complete Journal Contents Listing

MLA

APA

Chicago

Export Reference

Defeating Active Phishing Attacks for Web-Based Transactions

Abstract

Complete Article List