Reliability, usability and security in anti-phishing software and its design
LI, LINFENG (2008)
Computer Science
Faculty of Information Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Date of approval
2008-06-11
The permanent address of the publication is
https://urn.fi/urn:nbn:fi:uta-1-18839
Abstract
Phishing, a typical form of online identity theft, has become one of the most critical threats to online business. Most victims are deceived by forged versions of authorized websites. Being cheated by a fraudulent website means not only the loss of money but also damage to the online trust relationship. From the point of view of the whole economic and social system, the damage does not stop at the destruction of the online trust relationship. In fact, the side effects of losing the trust relationship, which is the basis of business, will eventually cause an economic slowdown. Undoubtedly, the final consequence will be a tragedy.
In order to protect users from this simple cheating attack, we collected and classified three types of phishing attacks, on the client side, the server side and the transmission media. In addition, we selected four representative anti-phishing toolbars and carefully tested them from a usability perspective: Google Safe Browsing, Netcraft antiphishing toolbar, SpoofGuard, and my own software, Anti-phishing IEPlug. Additionally, we employed a misuse-oriented method to illustrate how to design a phishing-resistant information system at the design or requirements stage. According to the results of these studies, we suggest that end users should trust and use anti-phishing software to protect themselves. Moreover, ordinary users are also highly recommended to observe and report any suspicious websites and attempts. Meanwhile, it is always a good habit to carefully check the URLs and certificate authorities of online banking websites. The results of my anti-phishing studies also show that the war between phishers and anti-phishers never ends. Phishing techniques are constantly evolving, and the defects of existing client-side phishing prevention applications have not yet been overcome. However, the study results show that phishing may be eliminated at the system design stage, e.g. by using the misuse case method.
Key words and terms: software quality, phishing, phishing prevention, software design, malware