One way banks mitigate phishing's effects is to remove fraudulent websites or suspend abusive domain names. The removal process, called a "take-down," is often subcontracted to specialist firms, which refuse to share feeds of phishing website URLs with each other. Consequently, many phishing websites aren't removed. The take-down companies are reluctant to exchange feeds, fearing that competitors with less comprehensive lists might free-ride off their efforts. Here, the authors propose the Phish-Market protocol, which enables companies to be compensated for information they provide to their competitors, encouraging them to share. The protocol is designed so that the contributing firm is compensated only for those websites that affect its competitor's clients and that were previously unknown to the receiving firm. The receiving firm, on the other hand, is guaranteed privacy for its client list. The protocol solves a more general problem of sharing between competitors; applications to data brokers in marketing, finance, energy exploration, and beyond could also benefit.