Conference paper

Appeared in: 2014 IEEE International Conference on High Performance Computing and Communications, 2014 IEEE 6th International Symposium on Cyberspace Safety and Security, 2014 IEEE 11th International Conference on Embedded Software and Systems (HPCC/CSS/ICESS 2014)

Publication year: 2014

Pages: 747-754

ISBN: 978-1-4799-6122-1

eISBN: 978-1-4799-6123-8

DOI Link: https://doi.org/10.1109/HPCC.2014.126

Conference: 6th International Symposium on Cyberspace Safety and Security (CSS 2014)

Abstract: 

Phishing has been and still is a prevalent attack causing serious damage to numerous ingenuous Internet users every year. Usable security is understood as one required pillar for developing effective protection means in this context. We therefore survey and discuss on available usable security mechanisms against phishing. Our investigations show that existing solutions contain too many obstacles for the users. This experienced ambiguity is further amplified by the vast amount of distinct designs varying amongst vendors, platforms and versions of web browsers even within one class of security warnings. This paper introduces a novel anti-phishing mechanism which relies on the idea that the whole appearance of a web application is dress able according to an individual user's preferences. The guiding principle behind our proposal is to implant security warnings as an intrinsic part of the application instead of having it placed somewhere in the runtime environment, which is the web browser in this context. One goal is to render the cloning of a website practically infeasible for an attacker by increasing the number of web pages to retrieve and store in order to create an identical copy of that site. The second and more important goal is to raise the attention of the users for an unofficial site due to a wrong appearance which is not in conformance with an actual user's page dress. A user study based on a developed online banking service supporting our suggested UI-Dressing has been conducted. It reveals that the proposed approach takes the desired effect in empowering users to detect fake sites and thus makes our introduced approach a valuable path to follow up.

Harvard Citation style: Lo Iacono, L., Nguyen, H., Hirsch, T., Baiers, M. and Möller, S. (2014) UI-Dressing to Detect Phishing, in 2014 IEEE International Conference on High Performance Computing and Communications, 2014 IEEE 6th International Symposium on Cyberspace Safety and Security, 2014 IEEE 11th International Conference on Embedded Software and Systems (HPCC/CSS/ICESS 2014). Piscataway, NJ: IEEE. pp. 747-754. https://doi.org/10.1109/HPCC.2014.126

APA Citation style: Lo Iacono, L., Nguyen, H., Hirsch, T., Baiers, M., & Möller, S. (2014). UI-Dressing to Detect Phishing. In 2014 IEEE International Conference on High Performance Computing and Communications, 2014 IEEE 6th International Symposium on Cyberspace Safety and Security, 2014 IEEE 11th International Conference on Embedded Software and Systems (HPCC/CSS/ICESS 2014). (pp. 747-754). IEEE. https://doi.org/10.1109/HPCC.2014.126