The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.06 - June (2009 vol.42)
pp: 27-33
Rolf Oppliger , eSecurity Technologies
Ruedi Rytz , Federal Office for National Economic Supply
ABSTRACT
Although current mechanisms protect against offline credential-stealing attacks, effective protection against online channel-breaking attacks requires technologies to defeat man-in-the-middle (MITM) attacks, and practical protection against content-manipulation attacks requires transaction-authentication technologies.
INDEX TERMS
security, e-commerce, computers and society, Internet banking, SSL/TLS
CITATION
Rolf Oppliger, Ruedi Rytz, Thomas Holderegger, "Internet Banking: Client-Side Attacks and Protection Mechanisms", Computer, vol.42, no. 6, pp. 27-33, June 2009, doi:10.1109/MC.2009.194
REFERENCES
1. D. Dolev and A.C. Yao, "On the Security of Public Key Protocols," Proc. IEEE 22nd Ann. Symp. Foundations of Computer Science, IEEE CS Press, 1981, pp. 350-357.
2. A. Hiltgen, T. Kramp, and T. Weigold, "Secure Internet Banking Authentication," IEEE Security &Privacy, vol. 4, no. 2, 2006, pp. 21-29.
3. A. Adelsbach, S. Gajek, and J. Schwenk, "Visual Spoofing of SSL Protected Web Sites and Effective Countermeasures," Proc. 1st Information Security Practice and Experience Conf. (ISPEC 05), LNCS 3439, Springer, 2005, pp. 204-216.
4. Z. Ye and S. Smith, "Trusted Paths for Browsers," Proc. Usenix Security Conf., Usenix Press, 2002, pp. 263-279.
5. R. Dhamija and J.D. Tygar, "The Battle Against Phishing: Dynamic Security Skins," Proc. Symp. Usable Privacy and Security (SOUPS 05), ACM Press, 2005, pp. 77-88.
6. M. Badra and I. Hajjeh, "Key-Exchange Authentication Using Shared Secrets," Computer, Mar. 2006, pp. 58-66.
7. M. Steiner et al., "Secure Password-Based Cipher Suite for TLS," ACM Trans. Information and System Security (TISSEC 01), May 2001, pp. 134-157.
8. A. Herzberg and A. Gbara, Security and Identification Indicators for Browsers against Spoofing and Phishing Attacks, Cryptology ePrint Archive: Report 2004/155, 2004.
9. R.L. Rivest and A. Shamir, "How to Expose an Eavesdropper," Comm. ACM, vol. 27, no. 4, 1984, pp. 393-395.
10. S.M. Bellovin and M. Merritt, "An Attack on the Interlock Protocol When Used for Authentication," IEEE Trans. Information Theory, Jan. 1994, pp. 273-275.
11. N. Asokan, V. Niemi, and K. Nyberg, "Man-in-the-Middle in Tunneled Authentication Protocols," Proc. Int'l Workshop Security Protocols, LNCS 3364, Springer, 2003, pp. 15-24 (also available as IACR ePrint 2002/163).
12. B. Parno, C. Kuo, and A. Perrig, "Phoolproof Phishing Prevention," Proc. Financial Cryptography and Data Security, LNCS 4107, Springer, 2006, pp. 1-19.
13. R. Oppliger, R. Hauser, and D. Basin, "SSL/TLS Session-Aware User Authentication," Computer, Mar. 2008, pp. 59-65.
14. R.S. Cox et al., "A Safety-Oriented Platform for Web Applications," Proc. IEEE Symp. Security and Privacy, IEEE CS Press, 2006, pp. 350-364.
15. R. Oppliger and R. Rytz, "Does Trusted Computing Remedy Computer Security Problems?" IEEE Security &Privacy, Mar./Apr. 2005, pp. 16-19.
384 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool