AntiPhishing Scheme: Preventing Confidential Data from Posted to Spoofed Site - PowerPoint PPT Presentation

2006 2nd Joint Workshop between Security Research Labs in JAPAN and KOREA ... posting user tries, and registers in black list, which the site is spoofed one. ... – PowerPoint PPT presentation

1
Anti-Phishing Scheme: Preventing Confidential Data from Posted to Spoofed Site
  • 2006.02.20
  • Researcher: Hunsuk Choi
  • Presenter: Yuna Kim
  • High Performance Computing Laboratory, POSTECH,
    Republic of KOREA

2
Contents
  • Phishing Attack
  • Problem Definition
  • Proposed Scheme
  • Experiments
  • Conclusion & Future Works

3
Introduction
  • Phishing is a form of social engineering trying
    to fraudulently acquire confidential information
    by masquerading as a trustworthy business.
  • Phishing attacks are becoming more popular
    because unsuspecting people are divulging
    personal information to attackers.
  • So anti-phishing schemes are needed that neither
    trust users nor require them to be qualified.

4
Phishing Attack Model
[Figure: phishing attack model. Labels: public trusted site T ("This is Trusted Site T"), the target site of phisher P; spoofed site X of T; user A and user A's computer; user-expected identity: T. Steps: 2. Target (T); 3. Build (X); 4. Send mail ("Please verify your account"); 5. Post (ID: aaa, PASSWORD: bbb). User A is the victim of phisher P.]

5
Related Works
  • Fraud e-mail prevention
    • (-) easily evaded by sophisticated phishers.
  • Browser-based Web-spoofing prevention
    • (-) a web site is easily spoofed by drawing logos.
    • (-) most users have no knowledge of certificate
      authorities.
  • Authenticator prevention
    • (-) unable to defend against man-in-the-middle
      attacks.
    • (-) not scalable.

6
Problem Definition
  • To prevent a user from posting his confidential
    information to a spoofed website, while the user
    does not have explicit knowledge about details of
    the function of the Web service.

Design Requirements
  • Systematic decision
  • Infrequent user work
  • Infrequent interruption

7
Basic Idea
  • Prevent a user from posting confidential data to
    a spoofed website.
  • Determine whether the posted data is confidential
    data or not.
  • Distinguish spoofed site from trusted site.
  • Predict a user-expected identity of the current
    site based on data typed by user.
  • Compare a user-expected identity with the real
    identity of the current site.

8
Phase 1: Initialization
  • The user registers the domains of trusted sites into
    the client system as the following record:

Type 1 record: <identity, domain, level>

Phase 2: Training
  • When the user posts data to the trusted sites,
    the client system stores the data as the following
    record:

Type 2 record: <URL, field_name, H(v), counter, timestamp>

  • To prevent type 2 records from increasing up to a
    great volume, delete older and smaller-counter
    records.

9
Phase 3: Prediction
  • When a user posts data to a non-trusted site, the
    client system predicts the user-expected
    identity.
  • The user-expected identity is inferred to be the
    trusted site whose stored field value is the same as
    the currently posted data.

Phase 4: Collaboration
  • If the user-expected identity and the real identity are
    different,
    • the current site may be a spoofed site or a
      sister site of the trusted site.
    • In order to distinguish them, the client agent
      queries the server agent whether the current
      site can be authenticated.

10
Phase 5: Prevention
  • The client system judges the current site to be
    spoofed if
    • The current site is not registered as a trusted site.
    • None of the server agents can authenticate the
      current site.
  → The user posts the same confidential data as for one of
    the trusted sites, but the current site is not a
    sister site.
  • The client system rejects the post the user attempts
    and registers the site in the blacklist as a
    spoofed one.
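
The five phases above expressed as a client agent in Python. This is an added example, not code from the presentation; the class and method names, the use of keyed HMAC-SHA-256 for H(v), the eviction order in `_prune`, and the server-agent callables are assumptions.

```python
import hashlib
import hmac
import os
from urllib.parse import urlsplit

class ClientAgent:
    def __init__(self, server_agents, max_records=1000):
        self.key = os.urandom(32)           # assumption: H is HMAC-SHA-256 under a local key
        self.trusted = {}                   # Type 1: domain -> (identity, level)
        self.type2 = {}                     # Type 2: (URL, field_name, H(v)) -> [counter, timestamp]
        self.blacklist = set()
        self.server_agents = server_agents  # identity -> callable(domain) -> bool
        self.max_records = max_records

    def H(self, v):
        # Only a keyed hash of the typed value is stored, never the value itself.
        return hmac.new(self.key, v.encode(), hashlib.sha256).hexdigest()

    def register(self, identity, domain, level):        # Phase 1: initialization
        self.trusted[domain] = (identity, level)

    def post(self, url, fields, now):
        """Return 'allow' or 'block' for a form post of {field_name: value}."""
        domain = urlsplit(url).hostname
        if domain in self.blacklist:
            return "block"
        if domain in self.trusted:                      # Phase 2: training
            for name, v in fields.items():
                rec = self.type2.setdefault((url, name, self.H(v)), [0, now])
                rec[0], rec[1] = rec[0] + 1, now
            self._prune()
            return "allow"
        posted = {self.H(v) for v in fields.values()}   # Phase 3: prediction
        expected = {self.trusted[urlsplit(u).hostname][0]
                    for (u, _, h) in self.type2 if h in posted}
        if not expected:
            return "allow"                              # nothing confidential was typed
        never = lambda d: False                         # Phase 4: collaboration
        if any(self.server_agents.get(i, never)(domain) for i in expected):
            return "allow"                              # authenticated as a sister site
        self.blacklist.add(domain)                      # Phase 5: prevention
        return "block"

    def _prune(self):
        # Assumed policy: evict lowest counter first, oldest timestamp on ties.
        while len(self.type2) > self.max_records:
            del self.type2[min(self.type2, key=lambda k: tuple(self.type2[k]))]
```

Keying the hash with a per-installation secret means a copied record store cannot be tested against password guesses without also obtaining the key.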

11
Applied Scenario
[Figure: applied scenario with the user, the user's computer, trusted site T1 ("This is Trusted Site T1"), the server agent of T1, and spoofed site X. Steps: 1. Register <T1, D1, limited>; 2. Fill out (ID: aaa, P/W: bbb); 3. Store <U1, P/W, 35, 1, 1000>; 4. Post; 5. Connect the spoofed site X; 6. Fill out (ID: aaa, P/W: bbb); 7. Predict (user-expected identity: T1); 8. Query ("Is X sister-site?"); 9. No; 10. Prevent.]

12
Experiment
  • We want to show that type 2 records do not
    grow to a great volume.
  • Real-world data of 2 users for 5 days
  • No phishing attack
  • Interruptions: 2 times
  • # of type 2 records: stayed in a steady state
    in spite of internet searching
  → We can apply this scheme to a real web browser.

[Chart series: # of Type 2 records, # of confidential information, accumulated # of interruptions]

13
Conclusion & Future Works
  • We proposed a mechanism that defends against
    phishing attacks by preventing a user from
    posting data to a probably spoofed website.
  • We expect that proper human-computer
    interaction, which helps a system understand the
    meaning of a user's activity, will provide a
    useful defense against not only phishing attacks
    but also other kinds of attacks targeting users.
  • As future work, we need to implement
    the proposed mechanism.

14
  • Thank You!
