Password Rescue: A New Approach to Phishing Prevention

Abstract: 

A phishing attack exploits both the enormous scale of the web and the fact that users are often enormously confused about what they can trust. Scale allows the phisher to get many responses to his attack, even though the probability of any given user responding is low (it costs the phisher no more to send a million emails than to send one). The enormous confusion about trust allows the phisher to make a copy of a bank web-site look as trustworthy to the victim as the original. Previous approaches have tried to solve the problem by preventing useful information from leaking to the phisher; for example, by alerting the user to suspicious or low-reputation sites. Generally this is done at the client (typically in a browser plugin or add-on).

We propose a scheme that in several respects is a radical departure from previous approaches. First, we make no attempt to prevent information leakage. Rather, we try to detect and then rescue users from the consequences of bad trust decisions. Second, we harness scale against the attacker instead of trying to solve the problem at each client. Thus our scheme increases in efficacy with the scale of deployment: it offers very little protection if a small fraction of users participate, but makes phishing almost impossible as the deployment increases. Finally, we make clear that small trials of our system would prove little. The scale requirements of Password Rescue make it suitable for large deployment or not at all. HotSec seems like the best forum for such ideas.

Dinei Florêncio, Microsoft Research

Cormac Herley, Microsoft Research

BibTeX
@inproceedings {268933,
author = {Dinei Flor{\^e}ncio and Cormac Herley},
title = {Password Rescue: A New Approach to Phishing Prevention },
booktitle = {First USENIX Workshop on Hot Topics in Security (HotSec 06)},
year = {2006},
address = {Vancouver, B.C. Canada},
url = {https://www.usenix.org/conference/hotsec-06/password-rescue-new-approach-phishing-prevention},
publisher = {USENIX Association},
month = jul
}

Links

Paper: http://usenix.org/events/hotsec06/tech/full_papers/florencio/florencio.pdf