An enhanced remote authentication scheme to mitigate man-in-the-browser attacks

An enhanced remote authentication scheme to mitigate man-in-the-browser attacks

Lately, the attacks on online banking and electronic commerce applications are on the rise. These attacks are targeting at the vulnerabilities found at the client-side of a client-server communication. Unfortunately, the traditional security mechanisms are not efficient enough in preventing these at...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Bin Mat Nor, Fazli, Jalil, Kamarularifin Abd, Manan, Jamalul-lail Ab
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Authentication
Browsers
Internet
man-in-the-browser
man-in-the-middle
privacy
Protocols
pseudonym
remote user authentication
Servers
Software
Trusted platform module
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Lately, the attacks on online banking and electronic commerce applications are on the rise. These attacks are targeting at the vulnerabilities found at the client-side of a client-server communication. Unfortunately, the traditional security mechanisms are not efficient enough in preventing these attacks. Man-in-the-browser attack is an example of such attacks. In this type of attack, an attacker tries to take advantage at the vulnerabilities caused by the client's browser extension. This attack is able to manipulate the information contained in a transaction without the user's consent. In this paper, an enhanced remote authentication protocol is proposed to mitigate the attack. Experiments were conducted in order to test the proposed protocol. From the experiments, it was found that the proposed protocol is able to mitigate the attack successfully.
DOI:10.1109/CyberSec.2012.6246086