Sciweavers

Share
SEC
2008

Minimizing SSO Effort in Verifying SSL Anti-phishing Indicators

10 years 1 months ago
Minimizing SSO Effort in Verifying SSL Anti-phishing Indicators
In an on-line transaction, a user sends her personal sensitive data (e.g., password) to a server for authentication. This process is known as Single Sign-On (SSO). Subject to phishing and pharming attacks, the sensitive data may be disclosed to an adversary when the user is allured to visit a bogus server. There has been much research in anti-phishing methods and most of them are based on enhancing the security of browser indicator. In this paper, we present a completely different approach of defeating phishing and pharming attacks. Our method is based on encrypted cookie. It tags the sensitive data with the server's public key and stores it as a cookie on the user's machine. When the user visits the server so as to perform an online transaction, the sensitive data in the cookie will be encrypted with the stored public key of the server. The ciphertext can only be decrypted by the genuine server. Our encrypted cookie scheme (ECS) has the advantage that the user can ignore SSL...
Yongdong Wu, Haixia Yao, Feng Bao
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2008
Where SEC
Authors Yongdong Wu, Haixia Yao, Feng Bao
Comments (0)
books