Insecure Real-World Authentication Protocols (or Why Phishing Is So Profitable)

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4631)

Abstract

The users of online banking systems are currently at risk from “phishing” scams. Confidence tricksters persuade them to visit fraudulent websites and use their authentication credentials to steal from the victims’ accounts. We analyse the authentication protocols used for online banking, find that they are entirely inadequate, and consider how to improve systems design so as to discourage attacks.

Editor information

Bruce Christianson, Bruno Crispo, James A. Malcolm, Michael Roe

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Clayton, R. (2007). Insecure Real-World Authentication Protocols (or Why Phishing Is So Profitable). In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2005. Lecture Notes in Computer Science, vol 4631. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77156-2_10

  • DOI: https://doi.org/10.1007/978-3-540-77156-2_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77155-5

  • Online ISBN: 978-3-540-77156-2

  • eBook Packages: Computer Science, Computer Science (R0)
