Open Access, Posted Content
Counterfeiting, Including Phishing, as Identity Theft
TL;DR: On successful verification of a TLS certificate's digital signature, the browser should present the 'user-browser' shared secret together with the TLS certificate's identity credentials, which allows the user to authenticate both her browser and the identity specified in the TLS certificate.
Abstract:
I researched the ability of browsers to counterfeit the behaviour of installed software. In full-screen mode, browsers can counterfeit almost anything, including BSOD, formatting the hard drive and fake login screens. I found one category of behaviour which could not be counterfeited by a remote website. On examination, every solution in that category was a secret known by the computer user and her browser. That is, remote websites cannot counterfeit what they do not know. Neither Bob nor Mallory knows secrets shared between the computer user and her computer. This transformed game theory research into cryptography research. On successful verification of a TLS certificate's digital signature, the browser should present the 'user-browser' shared secret together with the TLS certificate's identity credentials. This allows the user to authenticate both her browser and the identity specified in the TLS certificate. Following these conclusions, an authentication mechanism for manufactured goods is presented.
Citations
Posted Content
Cryptography Based Solutions to Counterfeiting of Manufactured Goods
TL;DR: Authentication solutions to prevent identity theft were developed for two categories of manufactured goods, pharmaceutical drugs and currencies, and were found to be analogous to digital signatures.
References
Proceedings Article
Why phishing works
TL;DR: This paper provides the first empirical evidence about which malicious strategies are successful at deceiving general users by analyzing a large set of captured phishing attacks and developing a set of hypotheses about why these strategies might work.
Proceedings Article
The battle against phishing: Dynamic Security Skins
Rachna Dhamija, J. D. Tygar, +1 more
TL;DR: A new scheme is proposed, Dynamic Security Skins, that allows a remote web server to prove its identity in a way that is easy for a human user to verify and hard for an attacker to spoof.
Book
Games of Strategy
Avinash Dixit, Susan Skeath, +1 more
TL;DR: This is an inviting introduction to game theory, offering students an engaging, comprehensive view of the discipline without assuming a prior knowledge of economics or complex mathematics.
Proceedings Article
The Emperor's New Security Indicators
TL;DR: The first empirical evidence that role playing affects participants' security behavior is contributed: role-playing participants behaved significantly less securely than those using their own passwords.
Journal Article
Passive learning from television
TL;DR: In this paper, the authors focus on what is "caught" rather than "taught", and on the processes by which such learning may take place, typically effortless, responsive to animated stimuli, amenable to artificial aid to relaxation, and characterized by an absence of resistance to what is learned.