BROWSE
Detail
Conference Paper
Geo-Location based QR-Code Authentication Scheme to Defeat Active Real-time Phishing Attack
Cited 10 time in 
Share 
Share
- Authors
- Seung-Hyun Kim, Daeseon Choi, Seung-Hun Jin, Sung-Hoon Lee
- Issue Date
- 2013-11
- Citation
- Workshop on Digital Identity Management (DIM) 2013, pp.51-61
- Language
- English
- Type
- Conference Paper
- Abstract
- Internet phishing attacks have been evolving along with the growth of online transactions on the Internet. MITM(Man-In-The-Middle) phishing is an attack that manipulates authentication and transaction information when an attacker is located in between a web server and a user. The possibility of this sort of phishing attack has been posed for a long time, but the menace was mostly ignored. Since Bruce Schneier introduced the concept of emasculating two-factor authentication in 2005, Leung and Jakobsson proposed Control Relay-MITM and doppelganger phishing attacks, respectively. In this paper, we introduce ART(Active Real-Time) MITM phishing attack as an enhanced phishing attack against above ones. While providing same UX(User eXperience) of real web server to a user, ART-MITM makes all security solutions that are installed on the user's computer useless and runs automated attack processes. To defeat against ART-MITM phishing attack, we propose a geo-location based QR-code authentication scheme using mobile phone. The proposed scheme provides convenience, mobility, and security for the user; as a result, the scheme can be seen as a realistic solution to such enhanced phishing attacks. © 2013 ACM.
- KSP Keywords
- Internet phishing, Location Based, Long time, QR Code, Real-time, Security solutions, User experience, Web server, authentication scheme, geo-location, man-in-the-middle