Stronger authentication in e-commerce: How to protect even Naïve user against Phishing, pharming, and MITM attacks

Proceedings of the IASTED International Conference on Communication Systems, Networks, and Applications, CSNA 2007

Volumn , Issue , 2007, Pages 111-116

  Latze, C ^a   Ultes Nitsche, U ^a  

^a UNIVERSITY OF FRIBOURG   (Switzerland)

Author keywords

E commerce; MITM; Pharming; Phishing; TPM

Indexed keywords

E-COMMERCE; MITM; PHARMING; PHISHING; TPM;

APPLICATIONS; COMMUNICATION SYSTEMS; COMPUTER HARDWARE; ELECTRONIC COMMERCE; MOBILE TELECOMMUNICATION SYSTEMS;

AUTHENTICATION;

EID: 62849098199     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (17)

1. W. A. Arbaugh, D. J. Farber, and J. M. Smith. A Secure and Reliable Bootstrap Architecture. IEEE Security and Privacy Conference, pages 65 - 71, May 1997.
2. N. Chou, R. Ledesma, Y. Teraguchi, D. Boneh, and J. C. Mitchell. Client-side defense against web-based identity theft. In 11th Annual Network and Distributed System Security Symposium (NDSS '04), San Diego, Feb. 2004.
3. R. Dhamija, J. D. Tygar, and M. Hearst. Why phishing works. In CHI '06: Proceedings of the SIGCHI conference on Human Factors in computing systems, pages 581-590, New York, NY, USA, 2006. ACM Press.
4. S. Gajek, A.-R. Sadeghi, C. Stble, and M. Winandy. Towards multicolored computing - compartmented security to prevent phishing attacks. In Workshop on Information and System Security (WISSEC'06), Antwerpen (Belgium), 2006.
5. S. Gajek, J. Schwenk, and C. Wegener. Ssl-vaauthentifizierung als schutz von phishing und pharming. In Sicherheit, pages 6-17, 2006.
6. A. Herzberg and A. Gbara. Protecting (even) naive web users, or: preventing spoofing and establishing credentials of web sites, 2006.
7. C. Latze and U. Ultes-Nitsche. Using a trusted platform module to enable a secure usage of nodes in company networks - an extension of the aegis approach. In Proceedings of the KiVS 2007 Workshop on Secure Network Configuration (KiVS NetSec 2007), pages 13-20, 2007.
8. Microsoft. Bitlocker drive encryption: Executive overview, 2006. available at http://technet.microsoft.com/en-us/windowsvista/aa906018.aspx, last visited July 2007.
9. R. Oppliger, R. Hauser, D. Basin, A. Rodenhaeuser, and B. Kaiser. A proof of concept implementation of ssl/tls session aware user authentication (tls-sa). In T. Braun, G. Carle, and B. Stiller, editors, Kommunikation in Verteilten Systemen, Informatik Aktuell, pages 225-236. Springer Verlag, 2007.
10. B. Parno, C. Kuo, and A. Perrig. Phoolproof phishing prevention. In Financial Cryptography, 2006.
11. B. Ross, C. Jackson, N. Miyake, D. Boneh, and J. C. Mitchell. Stronger password authentication using browser extensions. In Proceedings of the 14th Usenix Security Symposium, 2005.
12. S. Pearson, B. Balacheff, L. Chen, D. Plaquin, and G. Proudler. Trusted Computing Platforms. TCPA Technology in Context. Prentice Hall, 2003.
13. R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and implementation of a tcg-based integrity measurement architecture. In Proceedings of the 13th USENIX Security Symposium, 2004.
14. The Trusted Computing Group. Trusted Computing Platform Alliance. Main Specification Version 1.1b. Trusted Computing Group, 2003. available at https://www.trustedcomputinggroup.org/specs/TPM.
15. Trusted Computing Group and Microsoft. Standardizing network access control: Tnc and microsoft nap to interoperate,May 2007.
16. University of Bochum. TrustedGRUB. available at http://sourceforge.net/ projects/trustedgrub, last visited July 2007.
17. W. A. Arbaugh, A. D. Keromytis, D. J. Farber, and J. M. Smith. Automated Recovery in a Secure Bootstrap Process. Internet Society 1998 Symposium on Network and Distributed System Security, pages 155 - 167, 1998.