Anti-Phishing Models: Main Challenges

Phishing is a form of online identity theft in which the attacker attempts to fraudulently retrieve a legitimate user\u27s account information, logon credentials or identity information in general. The compromised information is then used for withdrawing money online, taking out cash advances, or making purchases of goods and services on the accounts. Various solutions have been proposed and developed in response to phishing. As phishing is a business problem, the solutions target both non-technical and technical areas. This paper investigates the current anti-phishing solutions and critically reviews their usage, security weaknesses and their effectiveness. The analysis of these models points to a conclusion that technology alone will not completely stop phishing. What is necessary is a multi-tiered, organised approach: user awareness, technical and non-technical solutions should work together

Anti-Phishing Models: Main Challenges

Phishing is a form of online identity theft in which the attacker attempts to fraudulently retrieve a legitimate user\u27s account information, logon credentials or identity information in general. The compromised information is then used for withdrawing money online, taking out cash advances, or making purchases of goods and services on the accounts. Various solutions have been proposed and developed in response to phishing. As phishing is a business problem, the solutions target both non-technical and technical areas. This paper investigates the current anti-phishing solutions and critically reviews their usage, security weaknesses and their effectiveness. The analysis of these models points to a conclusion that technology alone will not completely stop phishing. What is necessary is a multi-tiered, organised approach: user awareness, technical and non-technical solutions should work together

Framework for intuitive user interaction with security in the smart home

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2007.Includes bibliographical references (p. 99-104).This thesis presents IntuiSec, a framework for intuitive user interaction with Smart Home security. The design approach of IntuiSec is to introduce a layer of indirection between user-level intent and the system-level security infrastructure. This layer is implemented by a collection of distributed middleware and user-level tools. It encapsulates system-level security events and exposes only concepts and real-world metaphors that are intuitive to non-expert users. It also translates user intent to the appropriate system-level security actions. The IntuiSec framework presents the user with intuitive steps for setting up a secure home network, establishing trusted relationships between devices, and granting temporal, selective access for both home occupants and visitors to devices within the home. The middleware exposes APIs that allow other applications to present the user with meaningful visualizations of security-related parameters and concepts. I present the IntuiSec system design and an example proof-of-concept implementation, which demonstrates the user experience and provides more insight into the framework.by Saad Safer Shakhshir.M.Eng