
Preventing Web-Spoofing with Automatic Detecting Security Indicator

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3903)

Abstract

The anti-spoofing community has been intensively proposing new methods for defending against new spoofing techniques, yet protecting naïve users from advanced spoofing attacks remains challenging. In this paper, we analyze the problems within those anti-spoofing mechanisms and propose a new Automatic Detecting Security Indicator (ADSI) scheme. The paper first describes the trust model in ADSI in detail. In a secure transaction, ADSI may generate a random picture and embed it into the current web browser. This can be triggered by any security-relevant event that occurs in the browser, after which ADSI automatically checks the currently active security status. When a mismatch of the embedded images is detected, an alarm goes off to alert the user. Since it is hard for an adversary to replace or mimic the randomly generated picture, the web-spoofing attack cannot be mounted. In comparison with existing proposals, our scheme has the weakest security assumption and places a very low burden on the computer by automating the detection and recognition of web-spoofing for SSL-enabled communication. Moreover, the scheme is minimally intrusive to the browser. Finally, the scheme can be implemented on a trusted PC at an Internet cafe, requiring neither a Logo Certification Authority nor a personalization scheme.

The first author’s work was done during her attachment to the Institute for Infocomm Research under its sponsorship. This effort is partially sponsored by the National Basic Research Program (973) MOST of China under Grant No. 2003CB317003.




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Qi, F., Bao, F., Li, T., Jia, W., Wu, Y. (2006). Preventing Web-Spoofing with Automatic Detecting Security Indicator. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2006. Lecture Notes in Computer Science, vol 3903. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11689522_11


  • DOI: https://doi.org/10.1007/11689522_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33052-3

  • Online ISBN: 978-3-540-33058-5

  • eBook Packages: Computer Science, Computer Science (R0)
