
Anti-Phishing Scheme: Preventing Confidential Data from Posted to Spoofed Site

This research proposes a scheme to prevent users from posting confidential data to spoofed websites, defending against phishing attacks. The scheme involves predicting user-expected identity and distinguishing spoofed sites from trusted ones. Experimental results show promising outcomes.


Presentation Transcript


  1. Anti-Phishing Scheme: Preventing Confidential Data from Posted to Spoofed Site 2006.02.20 Researcher: Hunsuk Choi Presenter: Yuna Kim High Performance Computing Laboratory, POSTECH, Republic of KOREA

  2. Contents • Phishing Attack • Problem Definition • Proposed Scheme • Experiments • Conclusion & Future Works

  3. Introduction • Phishing is a form of social engineering that tries to fraudulently acquire confidential information by masquerading as a trustworthy business. • Phishing attacks are becoming more popular because unsuspecting people are divulging personal information to attackers. • So anti-phishing schemes are needed that neither trust users nor require them to be qualified.

  4. Phishing Attack Model (diagram) • Actors: User A (victim of phisher P) at User A's computer; Phisher P; public trust site T ("This is Trusted Site T"); spoofed site X of T. • 1. Register: ID = aaa, PASSWORD = bbb at trusted site T. • 2. Target: target site of phisher P = T. • 3. Build: spoofed site X of T. • 4. Send Mail: "Please verify your account". • 5. Post: ID = aaa, PASSWORD = bbb to spoofed site X, while user-expected identity = T.

  5. Related Works • Fraud e-mail prevention • (-) easily evaded by sophisticated phishers. • Browser-based Web-spoofing prevention • (-) a web site is easily spoofed by drawing logos. • (-) most users have no knowledge of certificate authorities. • Authenticator prevention • (-) unable to defend against man-in-the-middle attacks. • (-) not scalable.

  6. Problem Definition • To prevent a user from posting his confidential information to a spoofed website, while the user does not have explicit knowledge about details of the function of the Web service. Design Requirements • Systematic decision • Infrequent user work • Infrequent interruption

  7. Basic Idea Prevent a user from posting confidential data to a spoofed website. • Determine whether the posted data is confidential data or not. • Distinguish spoofed site from trusted site. • Predict a user-expected identity of the current site based on data typed by user. • Compare a user-expected identity with the real identity of the current site.

  8. Phase 1: Initialization • User registers the domain of trusted sites into the client system as the following record: • Type 1 record: <identity, domain, level> Phase 2: Training • When the user posts data to the trusted sites, the client system stores the data as the following record: • Type 2 record: <URL, field_name, H(v), counter, timestamp> • To prevent type 2 records from growing to a great volume, delete older and smaller-counter records.

  9. Phase 3: Prediction • When a user posts data to a non-trusted site, the client system predicts the user-expected identity. • The user-expected identity is inferred as the trusted site whose stored field value is the same as the currently posted data. Phase 4: Collaboration • If the user-expected identity and the real identity are different, • the current site may be a spoofed site or a sister-site of the trusted site. • In order to distinguish them, the client agent queries the server agent whether the current site can be authenticated.

  10. Phase 5: Prevention • The client system judges the current site to be spoofed if • the current site is not registered as a trusted site. • none of the server agents can authenticate the current site. → The user posts the same confidential data as to one of the trusted sites, but the current site is not a sister-site. • The client system rejects the post the user attempts and registers the site in the blacklist as a spoofed one.

  11. Applied Scenario (diagram) • Actors: user at the user's computer; trusted site T1, Domain = D1 ("This is Trusted Site T1"); server agent of T1; spoofed site X of T1. • 1. Register: <T1, D1, limited> • 2. Fill out: ID = aaa, P/W = bbb • 3. Store: <U1, P/W, 35, 1, 10:00> • 4. Post • 5. Connect the spoofed site X • 6. Fill out: ID = aaa, P/W = bbb • 7. Predict: user-expected identity = T1 • 8. Query: Is X sister-site? • 9. No • 10. Prevent
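
Phases 1 to 5 and the applied scenario above, condensed into a small client agent. This is an added sketch, not code from the presentation (which lists implementation as future work): SHA-256 for H, exact-hostname matching, the `server_agent` callable, the `max_records` bound and all class and method names are assumptions.

```python
import hashlib
from urllib.parse import urlsplit

def H(value):
    # The slides only write H(v); SHA-256 is an assumption of this sketch.
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

class ClientAgent:
    def __init__(self, server_agent, max_records=1000):
        self.type1 = {}         # domain -> (identity, level)
        self.type2 = {}         # (URL, field_name, H(v)) -> [counter, timestamp]
        self.blacklist = set()  # domains judged spoofed in phase 5
        self.server_agent = server_agent  # hypothetical callable(identity, domain) -> bool
        self.max_records = max_records

    def register(self, identity, domain, level):
        """Phase 1: the user registers a trusted site as a type 1 record."""
        self.type1[domain] = (identity, level)  # level is stored, not interpreted here

    def _train(self, url, fields, now):
        """Phase 2: remember hashes of values posted to a trusted site."""
        for name, value in fields.items():
            rec = self.type2.setdefault((url, name, H(value)), [0, now])
            rec[0], rec[1] = rec[0] + 1, now
        # Bound the table: drop the smallest-counter, then oldest, records.
        ranked = sorted(self.type2, key=lambda k: tuple(self.type2[k]), reverse=True)
        for key in ranked[self.max_records:]:
            del self.type2[key]

    def post(self, url, fields, now):
        """Return 'allow' or 'block'; sites are matched by exact hostname (assumption)."""
        domain = urlsplit(url).hostname
        if domain in self.blacklist:
            return "block"
        if domain in self.type1:
            self._train(url, fields, now)
            return "allow"
        # Phase 3: predict the user-expected identity from the posted values.
        posted = {H(v) for v in fields.values()}
        expected = {self.type1[urlsplit(u).hostname][0]
                    for (u, _name, h) in self.type2 if h in posted}
        if not expected:
            return "allow"  # nothing posted matches stored confidential data
        # Phase 4: ask each expected identity's server agent about this domain.
        if any(self.server_agent(identity, domain) for identity in expected):
            return "allow"  # authenticated as a sister site
        # Phase 5: same confidential data, unknown and unauthenticated site.
        self.blacklist.add(domain)
        return "block"
```

Type 2 records hold unsalted hashes of short secrets, which can be guessed offline if the record store leaks, so a deployment would want a keyed or deliberately slow hash for H.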

  12. Experiment • Real world data of 2 users for 5 days • No phishing attack • Interruptions • 2 times • # of type 2 records • stayed in a steady state in spite of internet searching • We want to show that type 2 records are not increasing up to a great volume. → We can apply this scheme to real web browser. • [Plot: counts vs. accumulated # of transactions; series: # of type 2 records, # of confidential information, accumulated # of interruptions]

  13. Conclusion & Future Works • We proposed a mechanism that defends against phishing attacks by preventing a user from posting data to a probably spoofed website. • We expect that a proper human-computer interaction which helps a system understand the meaning of a user's activity will provide a useful defense against not only phishing attacks but also other kinds of attacks targeting users. • As future work, we are required to implement the proposed mechanism.

  14. Thank You!

