New protocol proposed to defeat Man-in-the-Middle phishing attacks

Source: International Journal of Information Security and Privacy, Vol. 1, Issue 3
Author(s): Luo, X.; Guan, T. T.
Affiliation(s): Virginia State University, USA;
Data Security Systems Solutions Pte Ltd, Singapore

Preface:
Hamid R. Nemati
Editor-in-Chief

Research Papers:
A Projection of the Future Effects of Quantum Computation on Information Privacy Geoff Skinner, Elizabeth Chang

Many of the current issues with Information Privacy have been the result of inadequate consideration for privacy during the planning, design and implementation of Information Systems and communication networks. The area of Quantum Computation is still in its infancy, and a truly functional quantum computer has not been implemented. However, it is anticipated that within the next decade it may be feasible. This presents a unique opportunity to give due consideration to Information Privacy in the realm of future quantum computational devices and environments while they are still in their infancy. This paper provides an overview of the key Information Privacy issues that we feel may arise with the evolution and realization of quantum computation. Additionally we propose an integrated approach of technical, legal and social elements to address these issues.

Defeating Active Phishing Attacks for Web-Based Transactions
Xin Luo and TAN Teik Guan

Till now, the best defense against phishing is the use of two-factor authentication systems. Yet this protection is short-lived and comparatively weak. The absence of a fool-proof solution against Man-in-the-Middle, or Active Phishing, attacks have resulted in an avalanche of security practitioners painting bleak scenarios where Active Phishing attacks cripple the growth of web-based transactional systems. Even with vigilant users and prudent applications, no solutions seem to have addressed the attacks comprehensively. In this paper, we propose the new Two-factor Interlock Authentication Protocol (TIAP), adapted from the Interlock Protocol with two-factor authentication, which is able to defend successfully against Active Phishing attacks. We further scrutinize the TIAP by simulating a series of attacks against the protocol and demonstrate how each attack is defeated.

For more information, please refer to
http://igi-pub.com/articles/details.asp?id=7256

About Data Security Systems Solutions Pte Ltd

Headquartered in Singapore, Data Security Systems Solutions develops world class authentication solutions for enterprises, banks and governments that provides strong authentication that is most critical to online businesses. Its flag ship product, the DSSS Authentication Server Network Appliance, offers a multi-factor authentication system which is fully customizable and platform independent that organizations can deploy to create a strong barrier against unauthorized access and protect online data resources from malicious intrusions, through the support of major authentication methods with minimal integration.

Most recently, DSSS was conferred “DEMOgod” in DEMOfall 2006, the premier launch venue for new products, technologies and companies that significantly impact the marketplace and set market trends in the coming year, for our One Time Private Key (OTPK) technology to implement digital signature to the consumer market for On-Line Enterprise and Mobile applications.