Mitigating man-in-the-browser attacks with hardware-based authentication scheme

Bibliographic details
Published in: International journal of cyber-security and digital forensics 2012-07, Vol.1 (3), p.204
Main authors: Nor, Fazli Bin Mat, Jalil, Kamarularifin Abd, Manan, Jamalul-lail Ab
Format: Article
Language: eng
Online access: Full text
Description
Summary: Lack of security awareness amongst end users when dealing with online banking and electronic commerce leaves many client-side application vulnerabilities open. This enables attackers to exploit the vulnerabilities and launch client-side attacks such as the man-in-the-browser attack. The attack is designed to manipulate sensitive information via the client's application, such as an internet browser, by taking advantage of the browser's extension vulnerabilities. This attack exists due to a lack of preventive measures to detect any malicious changes on the client-side platform. Therefore, in this paper we propose an enhanced remote authentication protocol with hardware-based attestation and pseudonym identity enhancement to mitigate man-in-the-browser attacks as well as to improve user identity privacy.
Keywords: Trusted platform module; man-in-the-middle; man-in-the-browser; remote user authentication; privacy; pseudonym
ISSN:2305-0012