• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • No language data
  • Tagged with
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Phishing Warden: Enhancing Content-Triggered Trust Negotiation to Prevent Phishing Attacks

Henshaw, James Presley 01 June 2005 (has links) (PDF)
Phishing attacks are spam e-mails that attempt to fool recipients into divulging their identifying information by posing as a message from a well known company and using that company's branding and logos. It is estimated that phishing attacks have cost bank and credit card customers $1.2 billion in the U.S. in 2003. Previous work, content-triggered trust negotiation (CTTN), filters Internet traffic for sensitive data, and prevents a user from disclosing sensitive information to an un-trusted server. However, existing CTTN implementations are vulnerable to client-side scripts that obfuscate any data the client's browser sends to the web server in order to bypass CTTN's filter. To increase the security of CTTN, this thesis introduces Phishing Warden, a browser-plug-in that filters content before client-side scripts can execute, thereby preventing the scripts from obfuscating data in order to bypass the filter. Phishing Warden negotiates the release of sensitive data through web forms via the AutoFill button. After Phishing Warden determines the web server is trustworthy of the requested information, the sensitive data is automatically inserted into the form, indirectly informing the user that Phishing Warden trusts the server with this information. Besides potentially obfuscating data, scripts in Internet browsers can exploit security vulnerabilities which allow malicious scripts to potentially take over the computer, or deceive the user with a fake toolbar [31]. In addition to preventing data obfuscation by client-side scripts, Phishing Warden also allows a user to customize script control with the push of a button, letting the user decide which websites to trust enough to run scripts. Phishing Warden extends CTTN to remember past sites deemed trustworthy by the user.

Page generated in 0.056 seconds