Fighting phishing at the user interface

The problem that this thesis concentrates on is phishing attacks. Phishing attacks use email messages and web sites designed to look as if they come from a known and legitimate organization, in order to deceive users into submitting their personal, financial, or computer account information online at those fake web sites.

Phishing is a semantic attack. The fundamental problem of phishing is that when a user submits sensitive information online under an attack, the user's mental model of that submission differs from the system model that actually performs it: the system sends the data to a web site other than the one where the user intends to submit it. The fundamental solution to phishing is therefore to bridge the semantic gap between the user's mental model and the system model.

The user interface is where human users interact with the computer system. It is where a user's intention is transformed into a system operation, and it is where the semantic gap opens under a phishing attack. It is therefore where phishing should be solved.

There are two major approaches to bridging the semantic gap at the user interface. One approach is to reflect the system model to the user. Anti-phishing toolbars and the browser's security indicators take this approach. User studies in this thesis show that this approach is not effective at preventing phishing: users are required to pay constant attention to the toolbar and are expected to have the expertise to interpret its message correctly every time, and normal users meet neither requirement.

The other approach is to let users tell the system their intention when they submit data online. The system can then check whether the actual submission matches that intention. If there is a semantic gap, the system can effectively warn the user about the discrepancy and provide a safe path to the user's intended site.

Web Wallet, designed and implemented as a new anti-phishing solution, takes this second approach. It is a dedicated browser sidebar through which users submit their sensitive information online. User studies in this thesis show that Web Wallet is not only an effective and promising anti-phishing solution but also a usable personal information manager.
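As an added illustration of the second approach (example code written for this page, not the thesis's Web Wallet implementation), the check below compares where a form will actually send data, as the browser's URL parser resolves it, with the site the user declared as the intended recipient. The site labels, domains, page URLs and form actions are constructed for the example; the registrable-domain helper is a deliberate simplification (a real implementation would consult the Public Suffix List), and the HTTPS check is an added practitioner caveat rather than something the abstract claims.

```javascript
// Added example, not code from the thesis or from Web Wallet: an "intention
// check" in the style of the second approach. The user first tells the system
// which site a piece of sensitive data is for; before a form is submitted,
// the check compares the form's real destination (the system model) with the
// declared intention (the user's mental model).
// All site names, URLs and form actions below are constructed for illustration.

// The user's declared intentions: a label chosen by the user -> the registrable
// domain of the site they mean. (Hypothetical data.)
const INTENDED_SITES = {
  "My bank": "examplebank.com",
  "Auction site": "auction.example",
};

// Registrable domain, simplified to the last two labels. A real implementation
// must consult the Public Suffix List (co.uk and similar suffixes).
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

// Where the form will actually send the data. The WHATWG URL parser resolves a
// relative or empty action against the page URL and treats "user@host" syntax
// the way the system does, not the way a human reads it.
function submissionTarget(pageUrl, formAction) {
  return new URL(formAction || "", pageUrl);
}

// The semantic-gap check. Returns {ok: true} when the system model matches the
// user's intention, otherwise a warning plus a safe path to the intended site.
function checkIntention(pageUrl, formAction, intendedLabel) {
  const intended = INTENDED_SITES[intendedLabel];
  if (!intended) {
    return { ok: false, reason: "unknown-intention", intendedLabel };
  }
  const target = submissionTarget(pageUrl, formAction);
  const actual = registrableDomain(target.hostname);
  const safePath = `https://${intended}/`; // assumption: intended site serves HTTPS
  if (actual !== intended) {
    return { ok: false, reason: "domain-mismatch", intended, actual, safePath };
  }
  if (target.protocol !== "https:") {
    // Right site, but the data would travel in the clear: still a gap between
    // "I am sending this to my bank" and what the system is about to do.
    return { ok: false, reason: "insecure-transport", intended, actual, safePath };
  }
  return { ok: true, intended, actual };
}

// Constructed scenarios: (name, page the form is on, form action, intention).
const SCENARIOS = [
  ["legit login", "https://www.examplebank.com/login", "/auth", "My bank"],
  ["lookalike subdomain", "http://examplebank.com.evil.example/login", "", "My bank"],
  ["userinfo trick", "https://evil.example/", "https://examplebank.com@evil.example/steal", "My bank"],
  ["injected form on real site", "https://www.examplebank.com/help", "https://collect.evil.example/p", "My bank"],
  ["plain http to real site", "http://examplebank.com/login", "/auth", "My bank"],
];

function runScenarios() {
  return SCENARIOS.map(([name, page, action, label]) => ({
    name,
    ...checkIntention(page, action, label),
  }));
}

for (const r of runScenarios()) {
  console.log(
    r.name.padEnd(28),
    r.ok ? "OK" : `WARN ${r.reason} (actual: ${r.actual}) -> ${r.safePath}`
  );
}
```

The interesting cases are the ones a toolbar leaves to the user's judgement: the lookalike subdomain and the `user@host` form both read as the bank to a human but resolve to `evil.example` for the system, and the injected-form case shows that checking the page's own origin is not enough; it is the form's destination that has to match the declared intention.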