PHISHPIN: AN INTEGRATED, IDENTITY-BASED ANTI-PHISHING APPROACH
Hicham Tout
2009
Abstract
Phishing is a social engineering technique used to fraudulently acquire sensitive information from users by masquerading as a legitimate entity. One of the primary goals of phishing is to illegally carry fraudulent financial transactions on behalf of users. The two primary vulnerabilities exploited by phishers are: Inability of non-technical/unsophisticated users to always identify spoofed emails or Web sites; and the relative ease with which phishers masquerade as legitimate Web sites. This paper presents Phishpin, an approach that leverages the concepts of mutual authentication to require online entities to prove their identities. To this end, Phishpin builds on One-Time-Password, DNS, partial credentials sharing, & client filtering to prevent phishers from masquerading as legitimate online entities.
DownloadPaper Citation
in Harvard Style
Tout H. (2009). PHISHPIN: AN INTEGRATED, IDENTITY-BASED ANTI-PHISHING APPROACH . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009) ISBN 978-989-674-005-4, pages 369-374. DOI: 10.5220/0002222503690374
in Bibtex Style
@conference{secrypt09,
author={Hicham Tout},
title={PHISHPIN: AN INTEGRATED, IDENTITY-BASED ANTI-PHISHING APPROACH},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)},
year={2009},
pages={369-374},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002222503690374},
isbn={978-989-674-005-4},
}
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)
TI - PHISHPIN: AN INTEGRATED, IDENTITY-BASED ANTI-PHISHING APPROACH
SN - 978-989-674-005-4
AU - Tout H.
PY - 2009
SP - 369
EP - 374
DO - 10.5220/0002222503690374