Enhancing the Security of On-line Transactions with CAPTCHA Keyboard

Abstract: In an on-line transaction, a client usually has to present some authenticators (password, user certificate or both) to the server. However, those authenticators are exposed to client-side malware, such that the malware is able to obtain the server-client messages, or impersonate the user to build another “secure” channel with the server. The present paper aims to patch this client-side security flaw with a novel password-input method. Specifically, it enables a user to input a password by clicking an on-screen CAPTCHA keyboard, rather than typing on a keyboard. The CAPTCHA keyboard is designed to greatly increase the difficulty of password eavesdropping and phishing in a malicious environment, given that the malware cannot monitor the browser's secret memory space. Our implementation shows that the Firefox browser incorporated with CAPTCHA Keyboard and smartcard is viable and transparent over the HTTPS protocol.
Document type:
Conference paper
Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.531-536, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_44〉
Cited literature [7 references]

https://hal.inria.fr/hal-01518212
Contributor: Hal Ifip
Submitted on: Thursday, May 4, 2017 - 13:45:13
Last modified on: Thursday, May 4, 2017 - 14:53:56
Document(s) archived on: Saturday, August 5, 2017 - 13:02:02

File

978-3-642-30436-1_44_Chapter.p...
Files produced by the author(s)

License


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Yongdong Wu, Zhigang Zhao. Enhancing the Security of On-line Transactions with CAPTCHA Keyboard. Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.531-536, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_44〉. 〈hal-01518212〉

Metrics

Record views

33

File downloads

22