
«PhD-FSTC-2015-30 Ecole Doctorale IAEM Lorraine Faculté des Sciences, de la Technologie et de la Communication DISSERTATION Defense held on ...»

-- [ Page 4 ] --

The rise in the number of phishing targets has brought a corresponding rise in financial damage. No accurate estimate is available to quantify the financial loss due to phishing. However, in 2007 a Gartner survey [gar07] estimated a direct financial loss of 3.2 billion dollars over the year due to phishing.

Figure 1.2: Most targeted industry sectors for the 3rd quarter 2014 (source: APWG)

In 2010, a report [str10] about identity theft, mainly performed through phishing attacks, estimated the loss resulting from this theft at 54 billion dollars. More recently, in 2013, the estimated direct loss over the year due to phishing reached a record 5.9 billion dollars [rsa14]. As described in [AR14], the first day of a phishing attack is the most lucrative, so fast take-down of phishing websites is paramount to limit the financial damage. Between 2010 and 2014, the average uptime of phishing websites was halved, dropping from 72 hours to 32 hours. More significant is the median uptime of phishing websites, which decreased from 15 hours in 2010 to less than 9 hours in 2014. The development of phishing detection and prevention techniques has shortened the time needed to take down fake websites, thus reducing the financial loss due to each phishing attack. While it causes important losses, phishing is a low-reward activity for phishers [HF08]. Hence, the number of phishing attacks constantly increases in order to increase the gain, which in turn increases the number of victims and the global financial loss. The availability of easy-to-deploy phishing kits [CKV08] that target both users and victims makes performing phishing attacks an easy task and explains the rise in perpetrated attacks and in the number of phishers. Phishing is the cybercrime equivalent of pickpocketing: it is easily perpetrated with low technical skills and at low cost to the attacker, thanks to phishing kits and cheap criminal hosting services.

1.1.4 Challenges to Fight Phishing

The observation of phishing evolution shows that there is still room for improvement in the techniques used to cope with this cybercrime. Despite the progress made in fast take-down of phishing websites, the global damage of phishing is still increasing because the number of attacks is increasing. Besides the financial damage caused by phishing attacks, phishing erodes trust among Internet users and is starting to undermine email as a means of communication. Hence, the development of new means to deal with this problem is an ongoing activity aimed at reversing the growth of the losses.

The variety of phishing vectors and the ease of performing phishing attacks make the fight against it very challenging. We identified six requirements for the development of efficient protection techniques. These consider the characteristics of phishing, namely the variety of vectors used, the speed of phishing attacks and the human factor. The requirements are the following:

• Speed: Since phishing attacks cause large monetary damage in little time, especially during the first hours of an attack, the identification of a phish must be fast to limit its nefarious effects. Phishing detection methods are invoked while users are surfing the Web or consulting emails, so a detection method must not degrade the quality of the user’s experience by introducing a large delay.

• Coverage: Phishing defences must be able to protect against as many vectors as possible; a perfect phishing protection method would be able to deal with all the techniques presented in Section 1.1.2 to provide the best protection.

• Information required: The best phishing detection method must be easy to implement and must not rely on many different pieces of information. Some phishing detection methods rely on several kinds of information that are not necessarily available, which limits their applicability. In addition, retrieving this information is often time consuming, which impacts the speed of the method.

• Reliability: Phishing protection methods must protect against as many phishing attacks as possible, as described in the coverage requirement. However, they must flag as few legitimate communications as possible as phishing attacks. Too many false alarms degrade the user experience. In addition, they can cause a loss of confidence in the protection technique, which lowers its standing with users.

• Ease of use: Methods must be easy for users to use and to understand. Most users, and especially phishing victims, have little technical knowledge and little knowledge of the way phishing attacks are performed, which explains why they are trapped. Hence, phishing protection must take this parameter into account and be tailored to be easily used.

• Actual usage: This requirement is a consequence of the previous one and evaluates whether the protection method can actually be implemented and used by users, or whether it is simply ignored or too complicated to deploy. It mostly evaluates the ability of a given method to cope with the unmotivated user property.

Several methods have been developed to cope with phishing and have proved efficient in identifying attacks, to the extent that the lifetime of phishing attacks has globally decreased. Despite this efficacy, phishing is still an ongoing problem and these methods have not succeeded in eliminating the threat.

To understand the cause of this failure, we analyse to what extent state-of-the-art phishing protection methods meet the requirements introduced above.

1.2 Phishing Prevention Techniques

For more than ten years, research activity on efficient techniques to cope with phishing has been very active. The proposed solutions can be divided into two main categories according to their goals: phishing prevention and phishing detection. The former methods were the first to be introduced, in order to prevent users from connecting to phishing websites at all. These techniques mainly focused on three fields: the development of strong authentication protocols, security toolbars to raise user awareness of the danger of phishing, and the implementation of blacklists.

1.2.1 Strong Authentication Schemes

While accessing banking services, retail services or social networks on the Internet, for instance, one is expected to enter some personal information (e.g. username, password, etc.) to prove one’s identity to the web service and access one’s account. This is needed since the account associated with such a service contains other, more sensitive information about the user that must be protected from access by others. This is the authentication process required by any Internet service dealing with personal data. This process has been implemented with some flaws that let unauthorized users access this information. The use of weak passwords and their reuse by unsavvy users make the authentication process subject to attacks. Moreover, the reverse process, consisting in authenticating a website to a user, has been proven weak. Users cannot reliably identify the entity they communicate with, leaving room for phishing attacks to occur.

Hence, some solutions have been proposed to fight phishing by developing strong authentication processes allowing both parties (client and server) to prove their identity without having to reveal sensitive information during the handshake.

The first proposed solutions consisted of browser extensions aiming to help users distinguish content provided by legitimate websites from content provided by illegitimate entities. The goal is to stop users from entering sensitive information into illegitimate fields and thus to prevent credential theft. In [YS02], a browser extension giving different colors to window boundaries is introduced. Two kinds of windows are presented to users according to the nature of the window content. This allows users to distinguish browser-provided status from web-server-provided content.

Easily distinguishable windows help users detect malicious content provided by web servers and prevent them from providing sensitive information to illegitimate entities. In [DT05], a similar solution based on customized browser windows is proposed to authenticate a web server. It uses unique images to display a dedicated password window for users to enter their credentials and log in to a given website. The look of the window is different for every user and transaction and is generated from a password shared between the user and the server. Hence, users can easily see whether the displayed password window is a spoofed one, since such a window would not have the expected look for a given legitimate website.

Methods for improving server authentication have been proposed, as in [TH09]. DNS TXT records are used to store the legitimate entity’s certificate and authenticate it to the client. A client plugin and a server plugin are used. The client plugin authenticates the web server by validating the certificate stored in the DNS TXT record. Then both plugins perform a mutual authentication using a one-time password.

One bad habit of Internet users is to use similar weak passwords for different websites. These can easily be guessed by phishers, and one stolen password can give access to several accounts.

To cope with this bad habit, some techniques to strengthen and differentiate passwords have been proposed [RJM+05, YS06, GLLA07]. For instance, Ross et al. introduce a browser extension named PwdHash [RJM+05]. This extension transparently produces a different password for each site a user signs in to, all derived from a single password. It relies on a hash function that generates a password from the user’s unique password and a piece of data associated with the website that cannot be spoofed by a phisher: the domain name. It strengthens web password authentication and prevents the user’s password from being handed to phishers on fake websites, since a fake website has a different domain name from the one it spoofs.
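The following is an added example, not code from the dissertation or from the PwdHash project, illustrating the principle just described: one master password is turned into a per-site password keyed on the domain name, so a look-alike domain receives a value that is useless on the legitimate site. The HMAC primitive, encoding, output length and the naive "last two labels" domain reduction are this example's own assumptions, not PwdHash's exact algorithm.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit


def site_key(url: str) -> str:
    """Reduce a URL to the domain that keys the derived password.

    Assumption: the registrable domain is the last two DNS labels.
    A real deployment needs a public-suffix list (e.g. for bank.co.uk),
    which is out of scope for this illustration.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = [label for label in host.split(".") if label]
    if len(labels) < 2:
        return host
    return ".".join(labels[-2:])


def site_password(master: str, url: str, length: int = 16) -> str:
    """Derive a per-site password from the master password and the site key.

    The master password never leaves the client; only the derived value is
    typed into the page. HMAC-SHA256 and base64 truncation are choices made
    for this example, not the scheme used by PwdHash itself.
    """
    mac = hmac.new(
        master.encode("utf-8"),
        site_key(url).encode("ascii"),
        hashlib.sha256,
    ).digest()
    return base64.b64encode(mac).decode("ascii")[:length]


def phish_gets_usable_password(master: str, legit_url: str, lookalike_url: str) -> bool:
    """True if typing into the look-alike site would leak the legitimate
    site's password; with a domain-keyed derivation this should be False."""
    return site_password(master, lookalike_url) == site_password(master, legit_url)


if __name__ == "__main__":
    # Constructed URLs: a legitimate site, one of its subdomains, and a
    # look-alike domain of the kind a phishing page would be hosted on.
    master = "correct horse battery staple"
    legit = "https://www.bank.example/login"
    subdomain = "https://secure.bank.example/account"
    lookalike = "https://www.bank.example.attacker.example/login"
    print("legit    :", site_key(legit), site_password(master, legit))
    print("subdomain:", site_key(subdomain), site_password(master, subdomain))
    print("lookalike:", site_key(lookalike), site_password(master, lookalike))
    print("leak?", phish_gets_usable_password(master, legit, lookalike))
```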

Other techniques to strengthen the authentication process propose the use of a second authentication factor in addition to a password. Nikiforakis et al. introduce the concept of Past Activity Tests (PACTs) to authenticate on a website [NMAM09]. To log in, the user is asked a question related to actions performed during the last session. Phishers using stolen credentials are unable to answer this kind of question, since it is the first time they try to log in, and they are denied access. The use of an additional trusted device such as a cellphone for authentication is introduced in [PKP06]. A robust authentication technique relying on JavaScript is presented in [BJKP14]. It relies on a token delivered over a secure channel, stored in the web browser and subsequently used for every authentication.

On the one hand, the methods presented last, which aim at strengthening user authentication, are efficient at preventing password theft and the reuse of stolen passwords by phishers. Some of the techniques proposing a second authentication factor have been adopted by sensitive services such as e-banking to enforce security. On the other hand, methods for strengthening server authentication, while well founded, have not improved the situation. Contrary to strong user authentication, which is imposed by e-services, strong server authentication is left up to Internet users. Since most Internet users are unaware of the dangers of phishing, and since security is a secondary purpose for them, these optional methods have not been adopted. These security solutions [YS02, DT05] are not mandatory, are difficult to understand and generally add constraints to users in their primary purpose of surfing the Web. Other techniques [TH09] that are used transparently still have flaws, such as being vulnerable to DNS cache poisoning attacks. Even if some of these techniques were widely deployed, most users do not understand the security indicators that prove the authenticity of the entities they communicate with [HJ08]. This limits the applicability of server authentication techniques.

1.2.2 Security Toolbars

To cope with users’ lack of motivation to use security enhancement solutions [WT99] and with their inability to make efficient use of the security indicators provided by web browsers, some browser extensions, also called security toolbars, were developed. Indicators provided by web browsers can be used by mature users to easily infer the legitimacy of a website. One of these indicators is the address bar showing the URL of the consulted web page: one can easily see whether the domain name of the web page is the expected one. Another indicator is the use of a secure connection, shown by the HTTPS protocol in the address bar. Finally, to authenticate the web server one communicates with, checking the use of a Transport Layer Security (TLS) certificate via the padlock icon is fast, and further investigation of the certificate issuer is a single click away. All these indicators provide the information necessary to authenticate a website. However, only a small fraction of users use them, which is why browser extensions or security toolbars were developed to ease access to this information and to give users some additional information.

The Netcraft toolbar [net] is an example of a commercial anti-phishing toolbar providing a risk rating for the visited web page in the form of an easily understandable colour code (green = safe, red = unsafe). The SpoofGuard security toolbar [CLTM04] provides the same kind of information with a colour code. In addition, the Netcraft toolbar displays how long the web page has been monitored, a popularity rank for the web page and the country where the website is hosted.

Figure 1.3 shows the Netcraft toolbar with the website information it displays.

Several techniques are used to infer the likelihood that a web page is a phish and to display this information. The SpoofGuard security toolbar [CLTM04] is another web browser plugin, relying on stateless web page evaluation to provide users with a spoof index for a website. Trustbar [HJ08] provides some indicators derived from the TLS certificate and other user-customized indicators to depict the likelihood that a website is a phish. A user study shows that the indicators provided by Trustbar are more efficient at raising user awareness of danger than basic browser security indicators such as padlocks or HTTPS indicators. Gastellier et al. propose another security tool
