Dynamic identity-based single password anti-phishing protocol

Security and Communication Networks

Volumn 4, Issue 4, 2011, Pages 418-427

  Sood, Sandeep K ^a   Sarje, Anil K ^a   Singh, Kuldip ^a  

^a INDIAN INSTITUTE OF TECHNOLOGY ROORKEE   (India)

Author keywords

Authentication protocol; Browser indicators; Cookies; Dynamic identity; Password; Phishing attacks

Indexed keywords

AUTHENTICATION; HASH FUNCTIONS; HTTP; HYPERTEXT SYSTEMS; INTERNET PROTOCOLS; WEB SERVICES;

AUTHENTICATION PROTOCOLS; COOKIES; DYNAMIC IDENTITIES; PASSWORD; PHISHING ATTACKS;

DENIAL-OF-SERVICE ATTACK;

EID: 79953032611     PISSN: 19390114     EISSN: 19390122     Source Type: Journal    
DOI: 10.1002/sec.169     Document Type: Article

References (25)

1. Halderman JA, Waters B, Felten EW. A convenient method for securely managing passwords. Proceedings of the International World Wide Web ACM Conference, May 2005; 471-479.
2. Anti-Phishing Working Group. [3 March 2009].
3. Gouda MG, Liu AX, Leung LM, Alam MA. SPP: an anti-phishing single password protocol. Computer Networks 51(13): 3715-3726, April 2007.
4. Stanford, SpoofGuard Home Page, [11 March 2009].
5. Phishing Filter, Microsoft Phishing Filter FAQ, [4 April 2009].
6. Google Safe Browsing, [5 March 2009].
7. RFC 2617. HTTP authentication: basic and digest access authentication, June 1999.
8. Herzberg A, Gbara A. TrustBar: protecting (even) naive users from spoofing and phishing attacks. Cryptology e-print archive, report2004/155, February 2004.
9. RSA. RSA security: protecting against phishing by implementing strong two-factor authentication. [June 2004].
10. Ross B, Jackson C, Miyake N, Boneh D, Mitchell JC. A browser plug-in solution to the unique password problem. Technical Report, Stanford-SecLab, June 2005.
11. Ye EZ, Smith S. Trusted paths for browsers. ACM Transactions on Information and System Security August 2005; 8(2): 153-186.
12. Dhamija R, Tygar JD. The Battle against Phishing: Dynamic Security Skins. Symposium on Usable Privacy and Security (SOUPS) May 2005; 77-88.
13. Wu M, Miller RC, Garfinkel S. Do security toolbars actually prevent phishing attacks. Proceedings of the ACM Computer/Human Interaction (CHI) April 2006; 601-610.
14. Juels A, Jakobsson M, Jagatic TN. Cache cookies for browser authentication. IEEE Symposium on Security and Privacy May 2006; 301-305.
15. Bank of America SiteKey. [2 May 2009].
16. Yahoo. What is a sign-in seal? [15 November 2008].
17. Ludl C, McAllister S, Kirda E, Kruegel C. On the effectiveness of techniques to detect phishing sites. Springer-Verlag, LNCS May 2007; 4579: 20-39.
18. Microsoft Sender ID home page. [2 November 2008].
19. Karlof C, Shankar U, Tygar JD, Wagner D. Dynamic pharming attacks and the locked same origin policies for web browsers. ACM Conference on Computer and Communications Security, November 2007; 58-71.
20. Imamoto K, Sakurai K. Design and analysis of Diffie-Hellman based key exchange using one-time ID by SVO logic. Electronic Notes in Theoretical Computer Science June 2005; 135: 79-94.
21. Wu Y, Yao H, Bao F. Minimizing SSO effort in verifying SSL anti-phishing indicators. Proceedings of the 23rd International Information Security Conference IFIP TC 11, Springer September 2008; 278: 47-61.
22. Freier AO, Karlton P, Kocher PC. SSL protocol version 3.0 internet draft. IETF, November 1996.
23. Microsoft Passport. [10 December 2008].
24. Kormann DP, Rubin AD. Risks of the passport single sign on protocol. Computer Networks June 2000; 33: 51-58.
25. Oppliger R, Hauser R, Basin D. SSL/TLS session-aware user authentication revisited. Computers and Security June 2008; 27: 64-70.