ETRI-Knowledge Sharing Plaform

ENGLISH

성과물

논문 검색
구분 SCI
연도 ~ 키워드

상세정보

학술대회 Geo-Location based QR-Code Authentication Scheme to Defeat Active Real-time Phishing Attack
Cited 9 time in scopus Download 2 time Share share facebook twitter linkedin kakaostory
저자
김승현, 최대선, 진승헌, 이성훈
발행일
201311
출처
Workshop on Digital Identity Management (DIM) 2013, pp.51-61
DOI
https://dx.doi.org/10.1145/2517881.2517889
협약과제
13ZS1100, SW인테리전스 핵심기술개발, 황승구
초록
Internet phishing attacks have been evolving along with the growth of online transactions on the Internet. MITM(Man-In-The-Middle) phishing is an attack that manipulates authentication and transaction information when an attacker is located in between a web server and a user. The possibility of this sort of phishing attack has been posed for a long time, but the menace was mostly ignored. Since Bruce Schneier introduced the concept of emasculating two-factor authentication in 2005, Leung and Jakobsson proposed Control Relay-MITM and doppelganger phishing attacks, respectively. In this paper, we introduce ART(Active Real-Time) MITM phishing attack as an enhanced phishing attack against above ones. While providing same UX(User eXperience) of real web server to a user, ART-MITM makes all security solutions that are installed on the user's computer useless and runs automated attack processes. To defeat against ART-MITM phishing attack, we propose a geo-location based QR-code authentication scheme using mobile phone. The proposed scheme provides convenience, mobility, and security for the user; as a result, the scheme can be seen as a realistic solution to such enhanced phishing attacks. © 2013 ACM.
KSP 제안 키워드
Internet phishing, Location based, Long Time, Man-in-the-middle, QR Code, Real-Time, Web server, authentication scheme, geo-location, mobile phone, phishing attack