Preventing Web-Spoofing with Automatic Detecting Security Indicator

The anti-spoofing community has been intensively proposing new methods for defending against new spoofing techniques. Protecting naive users from advanced spoofing attacks is still challenging. In this paper, we analyze the problems within those anti-spoofing mechanisms and propose a new Automatic Detecting Security Indicator (ADSI) scheme. The paper first describes the trust model in ADSI in detail. In a secure transaction, ADSI may generate a random picture and embed it into the current web browser. This can be triggered by any security-relevant event occurring in the browser; ADSI then performs automatic checking of the current active security status. When a mismatch of embedded images is detected, an alarm goes off to alert the user. Since it is hard for an adversary to replace or mimic the randomly generated picture, the web-spoofing attack cannot be mounted. In comparison with existing proposals, our scheme has the weakest security assumption and places a very low burden on the computer by automating the detection and recognition of web-spoofing for SSL-enabled communication. Moreover, this scheme is only minimally intrusive on the browser. Finally, this scheme can be implemented on a trusted PC at an Internet cafe, requiring neither a Logo Certification Authority nor a personalization scheme.