Amir Herzberg: Defending against Phishing without Client-side Code (in Hebrew)

Sign in or sign up now!
Alert icon
Upgrade to the latest Flash Player for improved playback performance. Upgrade now or more info.
74 views
Loading...
Alert icon
Sign in or sign up now!
Alert icon

Uploaded by on May 4, 2011

Defending against Phishing without Client-side Code

We study defenses against phishing websites, which do not require installation of any software on the client side. The two main website defenses we discuss, are server identification e.g. using secret images, and the usage of bookmarks and/or cookies as a secondary form of authentication. We discuss the design of such server-only defenses, and results of experimental studies of security and usability.

Usability studies show that server-identification, e.g. by an image or text displayed in the login page, can provide a modest improvement in the detection rates of spoofed sites. We found an improvement in detection rates, when the user was actively involved in the image selection and display (e.g. if user must click on the image).

However, server-identifiers must be protected from exposure; this is usually achieved by some form of secondary user authentication, most commonly using cookies and/or bookmarks. We discuss these options. In particular, we show two possible advantages from using bookmarks to provide secondary user identification: improved defense against phishing, in particular against phishing emails and phishing by links, e.g. of search engine results; and ability to protect the authentication secrets against eavesdroppers and spoofed servers.
Bio

Prof. Amir Herzberg received B.Sc. (Computer Engineering), M.Sc. (Electrical Engineering) and D.Sc. (Computer Science), from the Technion, Israel, at 1982, 1987 and 1991, respectively. Since 1982, he worked in software and systems R&D, mostly in security and networking, as developer, manager and CTO, in few companies. During 1991-2000, Prof. Herzberg filled research and management positions in IBM Research (New York and Israel). Since 2002, he is an associate professor in the Computer Science department of Bar Ilan University. His current research interests include security of communication and commerce, quality of service, vehicular and ad-hoc networking, and applied cryptography

http://www.owasp.org/index.php/OWASP_Israel_2008_Conference_at_the_Interdisci...

Category:

Science & Technology

Tags:

License:

Standard YouTube License

  • likes, 0 dislikes

Link to this comment:

Share to:
see all

All Comments (0)

Sign In or Sign Up now to post a comment!
Loading...

Alert icon
0 / 00Unsaved Playlist Return to active list
    1. Your queue is empty. Add videos to your queue using this button:
      or sign in to load a different list.
    Loading...Loading...Saving...
    • Clear all videos from this list
    • Learn more