Download presentation
Presentation is loading. Please wait.
1
10/20/2009 Loomi Liao
2
The problems Some anti-phishing solutions The Web Wallet solutions The Web Wallet User Interface User study Discussion 2
3
A semantic attack : it exploits the gap between user’s intentions and the system’s operation. 3
4
A site’s appearance does not reliably reflect the site’s true identity. Browser fails to give appropriate protection to the sensitive data submission. User Look and Feel Semantic meaning of its content Browser Correct URL SSL Certificate Site registration information 4
5
Locations of warning indicators Peripheral area or centrally displayed web page Not user’s primary goal Sloppy but common web practices Use IP addresses instead of hostnames Use a domain name that is different from their brand names Use non-SSL protected login pages No good alternatives suggested 5
6
Stop phishing at the email level Use security toolbars Visually differentiate the phishing sites from the spoofed legitimate sites Two-factor authentication 6
7
Get the User's Intention what is the data? where will it go? Integrate Security into the Workflow Disable the web form fields so that the user is forced to activate Web Wallet Make itself the only affordance for input Makes user explicitly acknowledge and indicate their intended site 7
8
SSL certificate Trusted third-party certificates Site popularity Site registration information Site category information 8
9
1. Form Annotation 2. Security Key 3. Browser Sidebar 4. Confirmation Interface 5. Negative Visual Feedback Flying icon Zooming character 9
10
Normal Phishing Attack Undetected-form Attack Online-keyboard Attack Fake-wallet Attack Fake-suggestion Attack 10
11
Spoof rates with and without the Web Wallet protection Spoof rates of the five attacks in the Web Wallet test 11
12
12
13
Effectively prevent Normal phishing attack Online-keyboard attack Fake-suggestion attack Fail to effectively prevent Undetected-form attack Fake-wallet attack Negative visual feedback fails 13
14
Can users trust Web Wallet? Spoofed Web Wallet Fail to give correct suggestions Can security task integrate into the workflow? Forcing users to use it by disabling the sensitive input field Asking users to select their intended site 14
15
M. Wu, R. Miller, and G. Little. Web Wallet: Preventing Phishing Attacks by Revealing User Intentions. In Proceedings of the Symposium On Usable Privacy and Security 2006, Pittsburgh, PA, July 12-14, 2006.Web Wallet: Preventing Phishing Attacks by Revealing User Intentions 15
16
16
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.