Featured Research

from universities, journals, and other organizations

Computer Engineers Create New System To Curb Phishing Fraud

Date:
September 3, 2006
Source:
Carnegie Mellon University
Summary:
Carnegie Mellon University Cylab researchers have developed a new anti-phishing tool to protect users from online transactions at fraudulent Web sites.

Carnegie Mellon University CyLab researchers have developed a new anti-phishing tool to protect users from online transactions at fraudulent Web sites.

A research team led by Electrical and Computer Engineering Professor Adrian Perrig has created the Phoolproof Phishing Prevention system that protects users against all network-based attacks, even when they make mistakes. The innovative security system provides strong mutual authentication between the Web server and the user by leveraging a mobile device, such as the user's cell phone or PDA.

The system is also designed to be easy for businesses to implement. Perrig, along with engineering Ph.D. student assistants Bryan Parno and Cynthia Kuo, has developed an anti-phishing system that makes the user's cell phone an active participant in the authentication process to securely communicate with a particular Internet site.

"Essentially, our research indicates that Internet users do not always make correct security decisions, so our new system helps them make the right decision, and protects them even if they manage to make a wrong decision," Perrig said. "Our new anti-phishing system, which operates with the standard secure Web protocol, ensures that the user accesses the Web site they intend to visit, instead of a phishing site posing as a legitimate business. The mobile device acts like an electronic assistant, storing a secure bookmark and a cryptographic key for each of the user's online accounts."

Phoolproof Phishing Prevention essentially provides a secure electronic key ring that the user can access while making online transactions, according to Parno. These special keys are more secure than one-time passwords because the user can't give them away. So, phishers can't access the user's accounts, even if they obtain other information about the user, researchers said.

Since the user's cell phone performs cryptographic operations without revealing the secret key to the user's computer, the system also defends against keyloggers and other malicious software on the user's computer. Even if the user loses the cell phone, the keys remain secure.

Driving the need for this new tool is escalating consumer worries over online fraud -- a major barrier for a banking industry seeking to push consumers to do more of their banking online. More than 5 percent of Internet users say they have stopped banking online because of security concerns, up from 1 percent a year ago, according to industry reports.

Complicating the concern for more secure financial sites is a looming deadline for new security guidelines from the Federal Financial Institutions Examination Council (FFIEC), a group of government agencies that sets standards for financial institutions. Last year, the FFIEC set a Dec. 31 deadline for banks to add online security measures beyond just a user name and password. Failure to meet that deadline could result in fines, the FFIEC said.

Additional details about Phoolproof Phishing Prevention can be found at sparrow.ece.cmu.edu/~parno/phishing/.

About Carnegie Mellon CyLab: Carnegie Mellon CyLab is a university-wide, multidisciplinary initiative involving more than 200 faculty, students and staff. Carnegie Mellon CyLab is a bold and visionary effort aimed at creating a public-private partnership to develop new technologies for measurable, available, secure, trustworthy and sustainable computing and communication systems, and to educate individuals at all levels.


Story Source:

The above story is based on materials provided by Carnegie Mellon University. Note: Materials may be edited for content and length.


Cite This Page:

Carnegie Mellon University. "Computer Engineers Create New System To Curb Phishing Fraud." ScienceDaily. ScienceDaily, 3 September 2006. <www.sciencedaily.com/releases/2006/09/060901161757.htm>.
Carnegie Mellon University. (2006, September 3). Computer Engineers Create New System To Curb Phishing Fraud. ScienceDaily. Retrieved October 21, 2014 from www.sciencedaily.com/releases/2006/09/060901161757.htm
Carnegie Mellon University. "Computer Engineers Create New System To Curb Phishing Fraud." ScienceDaily. www.sciencedaily.com/releases/2006/09/060901161757.htm (accessed October 21, 2014).

Share This



More Computers & Math News

Tuesday, October 21, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Thanks, Marty McFly! Hoverboards Could Be Coming In 2015

Thanks, Marty McFly! Hoverboards Could Be Coming In 2015

Newsy (Oct. 21, 2014) If you've ever watched "Back to the Future Part II" and wanted to get your hands on a hoverboard, well, you might soon be in luck. Video provided by Newsy
Powered by NewsLook.com
Robots to Fly Planes Where Humans Can't

Robots to Fly Planes Where Humans Can't

Reuters - Innovations Video Online (Oct. 21, 2014) Researchers in South Korea are developing a robotic pilot that could potentially replace humans in the cockpit. Unlike drones and autopilot programs which are configured for specific aircraft, the robots' humanoid design will allow it to fly any type of plane with no additional sensors. Ben Gruber reports. Video provided by Reuters
Powered by NewsLook.com
Japanese Scientists Unveil Floating 3D Projection

Japanese Scientists Unveil Floating 3D Projection

Reuters - Innovations Video Online (Oct. 20, 2014) Scientists in Tokyo have demonstrated what they say is the world's first 3D projection that floats in mid air. A laser that fires a pulse up to a thousand times a second superheats molecules in the air, creating a spark which can be guided to certain points in the air to shape what the human eye perceives as an image. Matthew Stock reports. Video provided by Reuters
Powered by NewsLook.com
Apple Enters Mobile Payment Business

Apple Enters Mobile Payment Business

AP (Oct. 20, 2014) Apple is making a strategic bet with the launch of Apple Pay, the mobile pay service aimed at turning your iPhone into your wallet. (Oct. 20) Video provided by AP
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins