DocumentCode :
2106856
Title :
Input method against Trojan horse and replay attack
Author :
Sakurai, Shoji ; Ushirozawa, Shinobu
Author_Institution :
Inf. Technol. R&D Center, Mitsubishi Electr. Corp., Kamakura, Japan
fYear :
2010
fDate :
17-19 Dec. 2010
Firstpage :
384
Lastpage :
389
Abstract :
During a user's transactions over the Internet, there are risks of unauthorised third party transactions carried out on the user's account, using the man-in-the-middle (MITM) attack and Trojan horse. In this paper, we propose a new interactive input method of sensitive information such as credit-card numbers and account numbers against these attacks. The proposed method decides the input value that a user inputs relatively, using a GUI with two or more cursors which move in different directions simultaneously. The user inputs the information based on a secret shared between the user and a server beforehand, and moves one of the cursors from the shared secret to the input value, and the server changes the cursors' position and asks a question about the value which the user's cursor points at. The server can decide the user's input value through the response to the question. This method is strong and does not give any hint about which cursor is used to the attacker unless both the user and the server expose the shared value and the input value.
Keywords :
Internet; authorisation; bank data processing; graphical user interfaces; interactive systems; invasive software; GUI; Internet; MITM attack; Trojan horse; account number; credit-card number; interactive input method; man-in-the-middle attack; replay attack; shared secret; unauthorised third party transaction; Browsers; Graphical user interfaces; Integrated circuits; Internet; Malware; Servers; Transforms; MITB attack; component; input method; replay attack; trojan horse;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Theory and Information Security (ICITIS), 2010 IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-6942-0
Type :
conf
DOI :
10.1109/ICITIS.2010.5689592
Filename :
5689592