• DocumentCode
    2695444
  • Title

    An enhanced remote authentication scheme to mitigate man-in-the-browser attacks

  • Author

    Bin Mat Nor, Fazli ; Jalil, Kamarularifin Abd ; Manan, Jamalul-lail Ab

  • Author_Institution
    Fac. of Comput. & Math. Sci., Univ. Teknol. Mara, Shah Alam, Malaysia
  • fYear
    2012
  • fDate
    26-28 June 2012
  • Firstpage
    271
  • Lastpage
    276
  • Abstract
    Lately, attacks on online banking and electronic commerce applications have been on the rise. These attacks target vulnerabilities found on the client side of a client-server communication. Unfortunately, traditional security mechanisms are not efficient enough in preventing these attacks. The man-in-the-browser attack is an example of such attacks. In this type of attack, an attacker tries to take advantage of the vulnerabilities caused by the client's browser extension. This attack is able to manipulate the information contained in a transaction without the user's consent. In this paper, an enhanced remote authentication protocol is proposed to mitigate the attack. Experiments were conducted in order to test the proposed protocol. From the experiments, it was found that the proposed protocol is able to mitigate the attack successfully.
  • Keywords
    authorisation; client-server systems; computer crime; cryptographic protocols; data privacy; trusted computing; attack mitigation; attack prevention; client browser extension; client-server communication; client-side communication; electronic commerce applications; enhanced remote authentication protocol; man-in-the-browser attacks; online banking; security mechanisms; user consent; Authentication; Browsers; Internet; Protocols; Servers; Software; Trusted platform module; man-in-the-browser; man-in-the-middle; privacy; pseudonym; remote user authentication;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on
  • Conference_Location
    Kuala Lumpur
  • Print_ISBN
    978-1-4673-1425-1
  • Type

    conf

  • DOI
    10.1109/CyberSec.2012.6246086
  • Filename
    6246086