DocumentCode :
3513726
Title :
APPMA - an Anti-phishing protocol with mutual Authentication
Author :
Saeed, Maryam ; Shahhoseini, Hadi Shahriar
Author_Institution :
Iran Univ. of Sci. & Technol., Tehran, Iran
fYear :
2010
fDate :
22-25 June 2010
Firstpage :
308
Lastpage :
313
Abstract :
The phishing as an online identity theft is one of the fastest growing crimes in the Internet. Several counter-measures are proposed through the years, one of them is the Anti-phishing Authentication (APA) protocol that is based on SPEKE which is a Password Authenticated Key Exchange (PAKE) protocol. In this paper, it is shown that the APA protocol is vulnerable to password compromise impersonation, ephemeral key compromise impersonation and malicious server attacks. An improved anti-phishing protocol is also proposed that provides several security attributes including mutual authentication, forward secrecy, known session key security, no key control, Key confirmation, and resilience to Denning-Sacco, password compromise impersonation, Unknown Key Share (UKS), off-line dictionary, undetectable online dictionary, ephemeral key compromise impersonation, Key Compromise Impersonation (KCI), eavesdropping, message loss, message modification, message insertion and message replay attacks while it provides better efficiency when compared with the APA protocol.
Keywords :
Authentication; Cryptography; Dictionaries; Protocols; Resilience; Servers; APA Protocol; Anti-Phishing; Cryptographic Protocols; Network Security; Password Authenticated Key Exchange;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computers and Communications (ISCC), 2010 IEEE Symposium on
Conference_Location :
Riccione, Italy
ISSN :
1530-1346
Print_ISBN :
978-1-4244-7754-8
Type :
conf
DOI :
10.1109/ISCC.2010.5546794
Filename :
5546794
Link To Document :
بازگشت