The Phish-Market Protocol: Secure Sharing Between Competitors
July/August 2010 (vol. 8 no. 4)
pp. 40-45
Tal Moran, Harvard University
Tyler Moore, Harvard University
One way banks mitigate phishing's effects is to remove fraudulent websites or suspend abusive domain names. The removal process, called a "take-down," is often subcontracted to specialist firms, who refuse to share feeds of phishing website URLs with each other. Consequently, many phishing websites aren't removed. The take-down companies are reticent to exchange feeds, fearing that competitors with less comprehensive lists might free-ride off their efforts. Here, the authors propose the Phish-Market protocol, which enables companies to be compensated for information they provide to their competitors, encouraging them to share. The protocol is designed so that the contributing firm is compensated only for those websites affecting its competitor's clients and only those previously unknown to the receiving firm. The receiving firm, on the other hand, is guaranteed privacy for its client list. The protocol solves a more general problem of sharing between competitors; applications to data brokers in marketing, finance, energy exploration, and beyond could also benefit.


Index Terms:
cryptography, data sharing, privacy
Tal Moran, Tyler Moore, "The Phish-Market Protocol: Secure Sharing Between Competitors," IEEE Security & Privacy, vol. 8, no. 4, pp. 40-45, July-Aug. 2010, doi:10.1109/MSP.2010.138