A Contingency Framework to Assure the User-Centered Quality and to Support the Design of Anti-Phishing Software

The spread of phishing intensifies the need for well-defined security requirements in the design of an information system. Phishing keeps increasing, especially in the e-services domain, even though a variety of prevention methods have been developed and deployed against it. Phishing attacks compromise the software quality features of a system. In our study, we focus on how to prevent phishing attacks with the misuse case method from a system design perspective. After presenting the phishing attack techniques and the related threats, we introduce and evaluate three kinds of existing phishing prevention methods. As a result of the evaluation, we express our support for the misuse case method and give a brief introduction to it; we subsequently construct an example scenario to illustrate the method's application in the phishing prevention domain. After the discussion of phishing prevention based on misuse case identification, we conclude that it is possible to cater for phishing attacks at the system design level by considering design quality features that ensure the system's security.

1.0 Introduction

Software quality [1, 2, 3] is not a set of essentially wanted and desirable features that can be added to a system after its realisation; software quality features [1, 2, 4, 5, 3], and especially those that deal with functionality, are planned and designed from the very initial phases of the software development lifecycle [1, 2, 4, 5]. Dealing with system functionality, ISO 9126 defines functionality as a set of attributes that bear on the existence of functions and their specified properties [1, 2, 4, 5, 3]. The functions are those that satisfy stated or implied needs; therefore, they must be, and must prove to be, suitable, accurate, secure and interoperable [see e.g. 3]. Evidently, many existing information systems do not bear these characteristics, no matter which software development methods, tools and quality models are used, or how they are used [see e.g. 1 and 2].

[1] Gurpreet Dhillon et al. Internet Privacy: Interpreting Key Issues, 2001, Inf. Resour. Manag. J.

[2] Hajime Watanabe et al. PAKE-based mutual HTTP authentication for preventing phishing attacks, 2009, WWW '09.

[3] Edward W. Felten et al. Password management strategies for online accounts, 2006, SOUPS '06.

[4] Eleni Berki et al. A usability test of whitelist and blacklist-based anti-phishing application, 2012, MindTrek.

[5] Markus Jakobsson et al. Designing ethical phishing experiments, 2007, IEEE Technology and Society Magazine.

[6] Markus Jakobsson et al. Modeling and Preventing Phishing Attacks, 2005, Financial Cryptography.

[7] Tamara Dinev et al. Why spoofing is serious internet fraud, 2006, CACM.

[8] Reijo Savola et al. Development of Measurable Security for a Distributed Messaging System, 2010.

[9] Peter Tarasewich et al. Improving interface designs to help users choose better passwords, 2006, CHI Extended Abstracts.

[10] José Carlos Brustoloni et al. Using reinforcement to strengthen users' secure behaviors, 2010, CHI.

[11] Marti A. Hearst et al. Why phishing works, 2006, CHI.

[12] Peter Gutmann et al. Security Usability, 2005, IEEE Secur. Priv.

[13] Gregory D. Williamson. Enhanced Authentication In Online Banking, 2006.

[14] Lorrie Faith Cranor et al. Decision strategies and susceptibility to phishing, 2006, SOUPS '06.

[15] Linfeng Li et al. Usability evaluation of anti-phishing toolbars, 2007, Journal in Computer Virology.

[16] Yi Mu et al. Mitigating Phishing with ID-based Online/Offline Authentication, 2008, AISC.

[17] Eleni Berki et al. Cyber-Identities and Social Life in Cyberspace, 2009.

[18] Min Wu et al. Do security toolbars actually prevent phishing attacks?, 2006, CHI.