Stronger Authentication in e-Commerce: How to Protect Even Naïve User against Phishing, Pharming, and MITM Attacks

C. Latze and U. Ultes-Nitsche

Keywords

e-commerce, TPM, phishing, pharming, MITM

Abstract

Phishing, pharming and MITM attacks, i.e. the theft of user credentials, are a major threat to e-commerce applications. As soon as the attacker manages to talk a user into revealing his/her credentials needed to access an e-commerce application (e.g. user name, password, transaction number (TAN) in case of e-banking applications), the user’s account is open to any kind of (financial) transaction by the attacker. In this paper, we propose using the trusted platform module (TPM) — a piece of hardware which will be built into all computers shipped in the near future — for ensuring both an e-commerce application’s integrity and binding user authentication to user credentials and the usage of specific hardware during the authentication process. By doing so, strong authentication is achieved (something one knows is combined with something one possesses physically), which renders phishing attacks unsuccessful as the phisher will not be in possession of the required hardware and therefore getting user credentials will not open the e-commerce account for exploitation.
