Combating Phishing Through Zero-Knowledge Authentication
Loading...
Date
2008-06
Authors
Knickerbocker, Paul, 1980-
Journal Title
Journal ISSN
Volume Title
Publisher
University of Oregon
Abstract
Phishing is a type of Internet fraud that uses deceptive websites to trick
users into revealing sensitive information. Despite the availability of numerous
tools designed to detect phishing, it remains a steadily growing threat. The failure
of current anti-phishing solutions is largely due to their focus on detecting phishing
rather than addressing phishing's root cause: insecure web authentication.
Using a combination of the zero-knowledge mechanism and two-factor
authentication I present ZeKo, an authentication mechanism that is immune from
phishing attacks, cryptanalysis and man-in-the-middle attacks. ZeKo takes into
account the psychological behavior of users and remains secure even when the user
is deceived. The proposed system not only prevents phishing attacks but also has
considerable benefits over traditional authentication mechanisms, making it well
suited for a wide range of applications.
Description
x, 62 p. A print copy of this thesis is available through the UO Libraries. Search the library catalog for the location and call number.