Visual security is feeble for anti-phishing
seminar surveyer
#1
10-01-2011, 12:26 PM




Chun-Ming Leung
Department of Information Engineering
The Chinese University of Hong Kong



ABSTRACT

Addressing recent online banking threats, the banking industry offers us several solutions for a safe online banking experience; however, those solutions may not ultimately secure users against the rising threats. The main challenges are how to enable safe online banking on a compromised host, and how to solve the general ignorance of security warnings. CAPTCHA is primarily used to prevent automated bot logins; in addition, a CAPTCHA-based application can further provide secure PIN input against keyloggers and mouse-loggers for the bank's customers. Assuming users are always unconscious of security warnings in our model, we have designed a series of attacks and defenses under this interesting condition. In this work, we start by formalizing a security defense utilizing CAPTCHA and analyze its limitations. Then, we attack a local bank employing a CAPTCHA solution and show how it can be bypassed through a vulnerability in its implementation. We further introduce the control-relaying man-in-the-middle (CR-MITM) attack, a remote attack, much like a remote terminal service, that can capture and relay user inputs without the assistance of a local Trojan, and which could possibly defeat CAPTCHA phishing protection in the future. Under our model, we conclude that visual security defense alone is feeble for anti-phishing.



INTRODUCTION
Since the term phishing was first recorded in 1996, when it referred to hunting for free AOL accounts, phishing has shown an increasing tendency over the years. It then evolved quickly into financial fraud, as criminals always aim for high yield. Luckily, with the pursuit of online banking, the banking industry is always motivated to play a leading role in fighting the phishing threat. However, the reported loss to Internet crime such as phishing has broken its record each year, reaching up to US$239 million lost in 2007. This tells us that we are still looking for a better solution.
To confirm that a destination is what it claims to be, the most trustworthy technique is the use of a digital certificate, which binds a public key together with an identity. The banking industry started to implement digital certificates in 2002; however, this trustworthy solution is always ignored by users. In an incident on 4th March 2008, HSBC, one of the world's biggest banks, forgot to renew its digital certificate, but it claimed that online banking for its customers was still not affected. We can imagine how many users ignored the invalid digital certificate warning and did their online banking as usual that day.

Notice that the digital certificate solution is a one-way authentication of the bank; customers rarely have their own digital certificates. Obviously, the identity of the customer is still threatened by identity theft (e.g. a keylogger on an infected machine), as it has been since the old days.
In 2005, a One-Time-Password (OTP) based two-factor authentication solution, the Secure Token, was delivered to bank customers to fight against keyloggers and phishing. With the worldwide encouragement of two-factor authentication in the same year, phishing techniques were also evolving, and the Secure Token was found vulnerable to the Real-Time Man-In-The-Middle (RT-MITM) attack [6] in 2005. We will describe the fall of the Secure Token to RT-MITM in a later section.

Besides authenticating the user, there is also a need to authenticate the bank. Bank of America (BoA) tried to take a leading role in fighting phishing. In 2005, BoA first rolled out SiteKey to address the issue, which was originally invented by RSA lab. However, it was doubted whether SiteKey can achieve its target, since it obviously risks suffering from MITM attack.

Recently, the idea of Human Interactive Proof (HIP) has been used to fight against phishing. There is a CAPTCHA application used in online banking [1]; however, the application may not achieve its initial goal when facing the rising threat of phishing techniques such as RT-MITM.



for more:
ieeexplore.ieeeXplore/login.jsp?url=ieeexplore.ieeeiel5/5247340/5276889/05276940.pdf%3Farnumber%3D5276940&authDecision=-203




Reply
shruthi sebastian
#2
14-02-2011, 03:56 PM

Can you please provide the base paper and related papers for the topic "Visual security is feeble for anti-phishing"
Reply
archana01
#3
20-02-2011, 12:41 PM

hey can u please send me the full report for the seminar and presentation topic :"CAPTCHA security for Phishing: Secure or not?"
kindly mail me as soon as possible.
Reply
jee009
#4
04-04-2011, 09:18 PM

help meeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
Reply
pallavi_29
#5
03-05-2011, 01:04 PM

plz send me seminar and presentation report on topic CAPTCHA security for Phishing: Secure or not? on my mail pthengane@yahoo.com
Reply
