• DocumentCode
    2106856
  • Title

    Input method against Trojan horse and replay attack

  • Author

    Sakurai, Shoji ; Ushirozawa, Shinobu

  • Author_Institution
    Inf. Technol. R&D Center, Mitsubishi Electr. Corp., Kamakura, Japan
  • fYear
    2010
  • fDate
    17-19 Dec. 2010
  • Firstpage
    384
  • Lastpage
    389
  • Abstract
    During a user's transactions over the Internet, there are risks of unauthorised third party transactions carried out on the user's account, using the man-in-the-middle (MITM) attack and Trojan horse. In this paper, we propose a new interactive input method of sensitive information such as credit-card numbers and account numbers against these attacks. The proposed method relatively decides the input value that a user inputs using a GUI with two or more cursors which move in different directions simultaneously. The user inputs the information based on a shared secret between the user and a server beforehand, and moves one of the cursors from the shared secret to the input value, and the server changes the cursors' position and asks a question about the value which the user's cursor points at. The server can decide the user's input value through the response to the question. This method is strong and does not give any hint about which cursor is used to the attacker unless both the user and the server expose the shared value and the input value.
  • Keywords
    Internet; authorisation; bank data processing; graphical user interfaces; interactive systems; invasive software; GUI; Internet; MITM attack; Trojan horse; account number; credit-card number; interactive input method; man-in-the-middle attack; replay attack; shared secret; unauthorised third party transaction; Browsers; Graphical user interfaces; Integrated circuits; Internet; Malware; Servers; Transforms; MITB attack; component; input method; replay attack; trojan horse;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Theory and Information Security (ICITIS), 2010 IEEE International Conference on
  • Conference_Location
    Beijing
  • Print_ISBN
    978-1-4244-6942-0
  • Type

    conf

  • DOI
    10.1109/ICITIS.2010.5689592
  • Filename
    5689592