PHISHPIN: AN INTEGRATED, IDENTITY-BASED ANTI-PHISHING APPROACH

Hicham Tout

2009

Abstract

Phishing is a social engineering technique used to fraudulently acquire sensitive information from users by masquerading as a legitimate entity. One of the primary goals of phishing is to illegally carry out fraudulent financial transactions on behalf of users. The two primary vulnerabilities exploited by phishers are the inability of non-technical or unsophisticated users to always identify spoofed emails or Web sites, and the relative ease with which phishers masquerade as legitimate Web sites. This paper presents Phishpin, an approach that leverages the concepts of mutual authentication to require online entities to prove their identities. To this end, Phishpin builds on One-Time-Password, DNS, partial credentials sharing, and client filtering to prevent phishers from masquerading as legitimate online entities.


Paper Citation


in Harvard Style

Tout H. (2009). PHISHPIN: AN INTEGRATED, IDENTITY-BASED ANTI-PHISHING APPROACH. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009) ISBN 978-989-674-005-4, pages 369-374. DOI: 10.5220/0002222503690374

in Bibtex Style

@conference{secrypt09,
author={Hicham Tout},
title={PHISHPIN: AN INTEGRATED, IDENTITY-BASED ANTI-PHISHING APPROACH},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)},
year={2009},
pages={369-374},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002222503690374},
isbn={978-989-674-005-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)
TI - PHISHPIN: AN INTEGRATED, IDENTITY-BASED ANTI-PHISHING APPROACH
SN - 978-989-674-005-4
AU - Tout H.
PY - 2009
SP - 369
EP - 374
DO - 10.5220/0002222503690374