Author: Dr Sandeep Sood
Password-based authentication is used in online web applications due to its simplicity and convenience. Efficient password-based authentication schemes are required to authenticate the legitimacy of remote users, or data origin over an insecure communication channel. Password-based authentication schemes are highly susceptible to phishing attacks.
Learn about the different types of Phishing Attacks; like Content-Injection, and MiTM attack, that can target you and your organization.
To know more about phishing prevention, read our in-depth article "How to Prevent a Phishing Attack? 17 Easy Hacks for Administrators"
https://blog.syscloud.com/phishing-attack/
Phishing is one of the oldest tricks in the book of hackers. But as old as it might be, phishing still remains the most lucrative tool for cybercriminals. In this presentation, we will help you understand about phishing and tell you how you can avoid phishing attacks.
Phishing is a social engineering technique whose main aim is to target user information such as user ID, password, credit card information and so on, which results in a financial loss to the user. Detecting phishing is one of the challenging problems that relates to human vulnerabilities. This paper proposes detecting phishing web sites using different machine learning approaches. It evaluates different classification models to predict malicious and benign websites using machine learning algorithms. Experiments are performed on a data set consisting of malicious and benign websites. The results show that the proposed algorithms have high detection accuracy. Nakkala Srinivas Mudiraj, "Detecting Phishing using Machine Learning", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4, June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd23755.pdf
Paper URL: https://www.ijtsrd.com/computer-science/computer-security/23755/detecting-phishing-using-machine-learning/nakkala-srinivas-mudiraj
What is Social Engineering? An illustrated presentation. (Pratum)
Social engineering relies profoundly on human interaction and often involves the misleading of employees into violating their organization’s security procedures. Humans are naturally helpful, but when it comes to protecting an organization’s security, being helpful to an outsider can do more harm than good.
These slides discuss social engineering, the most common attack methods, and the best means for defending against a social engineering attack.
For more helpful cyber security blog articles, visit www.integritysrc.com/blog.
Designated IT security experts in Europe and Asia have been interviewed by RadarServices, the European market leader for managed security services, with regards to future IT security trends and challenges. They shared their views concerning the development of cyber attacks and security technologies until 2025.
Multi level parsing based approach against phishing attacks with the help of ... (IJNSA Journal)
The increasing use of internet all over the world, be it in households or in corporate firms, has led to an
unprecedented rise in cyber-crimes. Amongst these the major chunk consists of Internet attacks which are
the most popular and common attacks are carried over the internet. Generally phishing attacks, SSL
attacks and some other hacking attacks are kept into this category. Security against these attacks is the
major issue of internet security in today’s scenario where internet has very deep penetration. Internet has
no doubt made our lives very convenient. It has provided many facilities to us at penny’s cost. For instance
it has made communication lightning fast and that too at a very cheap cost. But internet can pose added
threats for those users who are not well versed in the ways of internet and unaware of the security risks
attached with it. Phishing Attacks, Nigerian Scam, Spam attacks, SSL attacks and other hacking attacks are
some of the most common and recent attacks to compromise the privacy of the internet users. Many a times
if the user isn’t careful, then these attacks are able to steal the confidential information of user (or
unauthorized access). Generally these attacks are carried out with the help of social networking sites,
popular mail server sites, online chatting sites etc. Nowadays, Facebook.com, gmail.com, orkut.com and
many other social networking sites are facing these security attack problems.
need help with a term paper 8 pages Write a term paper that discusse.pdf (anjandavid)
need help with a term paper 8 pages Write a term paper that discusses the risks of pharming and
phishing with respect to identity theft, including spam emails claiming to come from well-known
companies and financial institutions. Including in your paper a discussion of some of the current
techniques being deployed to reduce pharming and phishing, including how effective they are".
Solution
Pharming:
Pharming (pronounced ‘farming’) is a form of online fraud which is similar to phishing as these
guyz rely upon the same bogus websites and theft of confidential information. However, where
phishing will forward the user to the website through ‘bait’ in the form of a phony email or link,
pharming re-directs victims to the bogus site even if the victim has typed the correct web
address. This is often applied to the websites of well known banks or e-commerce sites, which
considerably dreadful.
Phishing:
Phishing is a form of fraud in which the criminals will try to learn information such as login
credentials or account information by masquerading as a reputable entity or person in email, IM
or other communication channels. Phishing email messages, websites, and phone calls are
designed to steal money. Online frauds can do this by installing malicious software on your
computer. It is a type of an email that falsely claims to be a legitimate enterprise in an attempt to
scam the user into surrendering private information.
Difference between Phishing and Pharming:
Both Phishing and Pharming are entirely two different concepts that are applied to steal the
customer information online.
While pharming is still considered a subset of phishing, it refers to a specific type of phishing
using DNS hijacking or poisoning to forward the user's browser to fraudulent sites or servers.
Pharming was keep on increasing from 2005 but has decreased slightly this year due to increased
diligence of domain controls, and is therefore employed less than the phishing exploits
mentioned above.
Special Notes:
From February 2005 to August 2005, worldwide there was a large number of pharming attacks,
due to common misconfigurations of DNS servers that made them accept the poison. While we
still see a trickle of pharming attacks today, most DNS servers have improved their poisoning
defenses, thereby lowering the incident of attacks. Don't get fooled, though, they are still out
there and we have to be diligent. If you run a Windows-based DNS server, make sure you have
enabled the "Secure Cache Against Pollution" option in the configuration GUI (the default for
recent versions of Windows DNS server). Also, never use Windows DNS servers configured to
forward requests through BIND 4 or 8. Windows DNS servers acting as forwarders should
always go through BIND 9, which can cleanse potentially poisoned records.
Risk of Phishing:
We can come to some general conclusions on the business risks of phishing attacks based on this
year's rash of privacy breaches. Phishing attacks ended in per.
We are a new generation IT Software Company, helping our customers to optimize their IT investments, while preparing them for the best-in-class operating model, for delivering that “competitive edge” in their marketplace.
Cybersecurity in BFSI - Top Threats & Importance (manoharparakh)
Cybersecurity has been the major area of concern throughout 2022 and now 2023 is all set to witness a new version of cyber-attacks with advanced technologies.
MULTI-LEVEL PARSING BASED APPROACH AGAINST PHISHING ATTACKS WITH THE HELP OF ... (IJNSA Journal)
The increasing use of internet all over the world, be it in households or in corporate firms, has led to an unprecedented rise in cyber-crimes. Amongst these the major chunk consists of Internet attacks which are the most popular and common attacks are carried over the internet. Generally phishing attacks, SSL attacks and some other hacking attacks are kept into this category. Security against these attacks is the major issue of internet security in today’s scenario where internet has very deep penetration. Internet has no doubt made our lives very convenient. It has provided many facilities to us at penny’s cost. For instance it has made communication lightning fast and that too at a very cheap cost. But internet can pose added threats for those users who are not well versed in the ways of internet and unaware of the security risks attached with it. Phishing Attacks, Nigerian Scam, Spam attacks, SSL attacks and other hacking attacks are some of the most common and recent attacks to compromise the privacy of the internet users. Many a times if the user isn’t careful, then these attacks are able to steal the confidential information of user (or unauthorized access). Generally these attacks are carried out with the help of social networking sites, popular mail server sites, online chatting sites etc. Nowadays, Facebook.com, gmail.com, orkut.com and many other social networking sites are facing these security attack problems.
This paper discusses a Knowledge Base Compound approach which is based on query operations and parsing techniques to counter these internet attacks using the web browser itself. In this approach we propose to analyze the web URLs before visiting the actual site, so as to provide security against web attacks mentioned above. This approach employs various parsing operations and query processing which use many techniques to detect the phishing attacks as well as other web attacks. The aforementioned approach is completely based on operation through the browser and hence only affects the speed of browsing. This approach also includes Crawling operation to detect the URL details to further enhance the precision of detection of a compromised site. Using the proposed methodology, a new browser can easily detect the phishing attacks, SSL attacks, and other hacking attacks. With the use of this browser approach, we can easily achieve 96.94% security against phishing as well as other web based attacks.
KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ... (cscpconf)
The increasing use of internet all over the world, be it in households or in corporate firms, has led to an unprecedented rise in cyber-crimes. Amongst these the major chunk consists of
Internet attacks which are the most popular and common attacks are carried over the internet. Generally phishing attacks, SSL attacks and some other hacking attacks are kept into this
category. Security against these attacks is the major issue of internet security in today’s scenario where internet has very deep penetration. Internet has no doubt made our lives very
convenient. It has provided many facilities to us at penny’s cost. For instance it has made communication lightning fast and that too at a very cheap cost. But internet can pose added
threats for those users who are not well versed in the ways of internet and unaware of the security risks attached with it. Phishing Attacks, Nigerian Scam, Spam attacks, SSL attacks and other hacking attacks are some of the most common and recent attacks to compromise the privacy of the internet users. This paper discusses a Knowledge Base Compound approach
which is based on query operations and parsing techniques to counter these internet attacks using the web browser itself. In this approach we propose to analyze the web URLs before
visiting the actual site, so as to provide security against web attacks mentioned above. This approach employs various parsing operations and query processing which use many techniques to detect the phishing attacks as well as other web attacks. The aforementioned approach is completely based on operation through the browser and hence only affects the speed of browsing. This approach also includes Crawling operation to detect the URL details to further enhance the precision of detection of a compromised site. Using the proposed methodology, a new browser can easily detect the phishing attacks, SSL attacks, and other hacking attacks.
With the use of this browser approach, we can easily achieve 96.94% security against phishing as well as other web based attacks
Knowledge base compound approach against phishing attacks using some parsing ... (csandit)
The increasing use of internet all over the world, be it in households or in corporate firms, has
led to an unprecedented rise in cyber-crimes. Amongst these the major chunk consists of
Internet attacks which are the most popular and common attacks are carried over the internet.
Generally phishing attacks, SSL attacks and some other hacking attacks are kept into this
category. Security against these attacks is the major issue of internet security in today’s
scenario where internet has very deep penetration. Internet has no doubt made our lives very
convenient. It has provided many facilities to us at penny’s cost. For instance it has made
communication lightning fast and that too at a very cheap cost. But internet can pose added
threats for those users who are not well versed in the ways of internet and unaware of the
security risks attached with it. Phishing Attacks, Nigerian Scam, Spam attacks, SSL attacks and
other hacking attacks are some of the most common and recent attacks to compromise the
privacy of the internet users. This paper discusses a Knowledge Base Compound approach
which is based on query operations and parsing techniques to counter these internet attacks
using the web browser itself. In this approach we propose to analyze the web URLs before
visiting the actual site, so as to provide security against web attacks mentioned above. This
approach employs various parsing operations and query processing which use many techniques
to detect the phishing attacks as well as other web attacks. The aforementioned approach is
completely based on operation through the browser and hence only affects the speed of
browsing. This approach also includes Crawling operation to detect the URL details to further
enhance the precision of detection of a compromised site. Using the proposed methodology, a
new browser can easily detect the phishing attacks, SSL attacks, and other hacking attacks.
With the use of this browser approach, we can easily achieve 96.94% security against phishing
as well as other web based attacks
VISITOR MANAGEMENT SYSTEMS
Walking through the lobby of an office building typically entails greeting the security guard, presenting your identification, and waiting for further instructions on how to access the premises. However, as technology continues to modernize it also changes the way we work and communicate. Computers are quickly replacing the familiar faces of security desk staff and our digital identities are quickly defining our access. https://mikeechols.com/visitor-management-system
Phishing is the fraudulent acquisition of personal information like username, password, credit card information, etc. by tricking an individual into believing that the attacker is a trustworthy entity. It is affecting all the major sectors of industry day by day with lots of misuse of users' credentials. So in today's online environment we need to protect the data from phishing and safeguard our information, which can be done through anti-phishing tools. Currently there are many freely available anti-phishing browser extension tools that warn users when they are browsing a suspected phishing site. In this paper we did a literature survey of some of the commonly and popularly used anti-phishing browser extensions by reviewing the existing anti-phishing techniques along with their merits and demerits.
Detecting malicious URLs using binary classification through ada boost algori... (IJECEIAES)
Malicious Uniform Resource Locator (URL) is a frequent and severe menace to cybersecurity. Malicious URLs are used to extract unsolicited information and trick inexperienced end users as a sufferer of scams and create losses of billions of money each year. It is crucial to identify and appropriately respond to such URLs. Usually, this discovery is made by the practice and use of blacklists in the cyber world. However, blacklists cannot be exhaustive, and cannot recognize zero-day malicious URLs. So to increase the observation of malicious URL indicators, machine learning procedures should be incorporated. In this study, we have developed a complete prototype of Malicious URL Detection using machine learning methods. In particular, we have attempted an exact formulation of Malicious URL exposure from a machine learning perspective and proposed an approach using the AdaBoost algorithm - the proposed approach has brought forward more accuracy than other existing algorithms.
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES (AM Publications, India)
The Internet or World Wide Web has become a prominent platform for business and commerce and is witnessing user growth with increased penetration of mobile Internet. Huge traffic is being generated, some of it being legitimate and the rest being malicious. Hence the implementation and maintenance of Information Security programs is being done. In the age of the Internet, protecting our information has become just as important as protecting our property. Malware authors have found and exploited new zero-day vulnerabilities resulting in damage to end-user systems. Ransomware is a malware that has taken malware attacks to a new level by locking files of the affected user and demanding Bitcoin payment to unlock those files. On the other hand, the volume and frequency of Distributed Denial of Service (DDoS) attacks have increased. Many unpatched machines, without the knowledge of their owners, have become a part of Botnets which carry out DDoS attacks. This paper focuses on strategies to be adopted to protect individual hosts from malware attacks and other types of intrusions using Deception, White-Listing and Reputation Services.
Nowadays it is very common to hear from people that internet network is the largest engineering system,
and something that we cannot imagine life without.
Similar to Phishing Attacks: A Challenge Ahead (20)
OER in the Mobile Era: Content Repositories’ Features for Mobile Devices and ... (eLearning Papers)
Learning objects and open contents have been named in the Horizon reports from 2004 and 2010 respectively, predicting to have an impact in the short term due to the current trend of offering open content for free on the Web. OER repositories should adapt their features so their contents can be accessed from mobile devices. This paper summarizes recent trends in the creation, publication, discovery, acquisition, access, use and re-use of learning objects on mobile devices based on a literature review on research done from 2007 to 2012. From the content providers side, we present the results obtained from a survey performed on 23 educational repository owners prompting them to answer about their current and expected support on mobile devices. From the content user side, we identify features provided by the main OER repositories. Finally, we introduce future trends and our next contributions.
Designing and Developing Mobile Learning Applications in International Studen... (eLearning Papers)
This paper reports on an international collaboration in which students from different universities designed and developed mobile learning applications, working together in interdisciplinary teams using social and mobile media. We describe the concept, process and outcomes of this collaboration including challenges of designing and developing mobile learning applications in virtual teams.
This paper reports on the current challenges the professional sector faces when going mobile. The report discusses the role of mobile devices in the workforce and addresses challenges like compatibility, security and training. It also provides a comprehensive review of the mobile landscape, and reviews current best practices in mobile learning.
Standing at the Crossroads: Mobile Learning and Cloud Computing at Estonian S... (eLearning Papers)
This paper studies the impact of mobile learning implementation efforts in Estonian school system – a process that has created a lot of controversy during the recent years. Best practices in mobile learning are available from the entire world, forcing schools to keep up the push towards better connectivity and gadgetry. Even in the best cases where the schools are provided with the necessary tools, the process has met a lot of scepticism from teachers who are afraid to implement new methods. Teachers are often cornered with the ‘comply or leave’ attitude from educational authorities, resulting in a multi-sided battle between involved parties.
We have surveyed students, teachers, parents and management at five Estonian front-runner schools to sort out the situation. The results show different attitudes among students, school leaders and staff – while all of them mostly possess necessary tools and skills, teachers almost completely lack motivation to promote mobile learning. We propose some positive and negative scenarios – for example, we predict major problems if teacher training will not change, e-safety policies are inadequately developed or authorities will continue the tendency to put all the eggs into one basket (e.g. by relying solely on closed, corporate solutions for mobile learning platforms).
M-portfolios: Using Mobile Technology to Document Learning in Student Teacher... (eLearning Papers)
We briefly analyse the enhancement of eportfolio processes defined by Zubizarreta (2009) with the introduction of mobile technology. We give some examples of appropriation of mobile device usage in eportfolio processes carried out by student teachers. These examples become the evidence of the enhancement possibilities of one of the portfolio processes defined by Zubizarreta (2009), that of documentation.
GGULIVRR: Touching Mobile and Contextual Learning (eLearning Papers)
The quest of today’s learning communities is to creatively uptake and embed the emerging technologies to maintain the pace of change, of learning content and platforms, while satisfying learners’ needs and coping with limited resources. As information is delivered abundantly and change is constant, education focuses on driving 21st century fluency.
Project GGULIVRR, Generic Game for Ubiquitous Learning in Interactive Virtual and Real Realities, initiates the study of ubiquitous learning, investigating mobile and contextual learning, challenging small devices with sophisticated computing and networking capacities, testing the pervasive internet and exploring intelligent tags.
The goal of project GGULIVRR is to present learning communities a framework enabling learners to practice and enhance 21st century skills while generating and playing mobile contextual games.
Project GGULIVRR entices learners to get in touch. To play the contextual game one needs to physically go to a ‘touchable’ location, where real objects are tagged with an intelligent tag. By touching a tag one gets in touch with the contextual content. Through playing and developing GGULIVRR games one meets other gamers and developers as the project format induces interdisciplinarity, inter-social and intercultural communication and collaboration empowering local people to unlock contextual content with a minimal technical threshold.
Reaching Out with OER: The New Role of Public-Facing Open Scholar (eLearning Papers)
Open educational resources (OER) and, more recently, open educational practices (OEP) have been widely promoted as a means of increasing openness in higher education (HE). Thus far, such openness has been limited by OER provision typically being supplier-driven and contained within the boundaries of HE. Seeking to explore ways in which OEP might become more needs-led we conceptualised a new ‘public-facing open scholar’ role involving academics working with online communities to source and develop OER to meet their needs.
To explore the scope for this role we focused on the voluntary sector, which we felt might particularly benefit from such collaboration. We evaluated four representative communities for evidence of their being self-educating (thereby offering the potential for academics to contribute) and for any existing learning dimension. We found that all four communities were self-educating and each included learning infrastructure elements, for example provision for web chats with ‘experts’, together with evidence of receptiveness to academic collaboration. This indicated that there was scope for the role of public-facing open scholar. We therefore developed detailed guidelines for performing the role, which has the potential to be applied beyond the voluntary sector and to greatly extend the beneficial impact of existing OER, prompting institutions to release new OER in response to the needs of people outside HE.
Managing Training Concepts in Multicultural Business Environments (eLearning Papers)
Companies that need training and development services increasingly often operate in a context that consists of more than just one country, language and culture. While business operations are becoming international, companies expect their service providers being capable of catering them where needed. Succeeding in a very complex multinational customer-tailored training project takes more than a good concept. The concept must be flexible so that when language and cultural changes vary from country to country they do not endanger the content to be delivered. There can be several localised versions of the training concept under simultaneous delivery. Challenge is how to manage the concept.
Reflective Learning at Work – MIRROR Model, Apps and Serious Games (eLearning Papers)
This report discusses the initial results of a 4-year FP7 research project that developed a theoretical model and worked on the creation and evaluation of a range of ‘Mirror’ apps based on our Mirror reflection model. The findings divulge how the apps and serious games can facilitate reflection at work, by empowering employees to learn by reflection on their work practice and on their personal learning experiences.
SKILL2E: Online Reflection for Intercultural Competence Gain (eLearning Papers)
The project SKILL2E aims to equip students on international work placements with intercultural competences. The model proposes a double loop learning cycle in which a shared online diary using guided questions is used for reflection. Preliminary results illustrate how this collaborative approach is conducive to the development of intercultural competences.
Experience Networking in the TVET System to Improve Occupational Competencies (eLearning Papers)
This paper aims at considering the development and strengthening of networks in (T)VET systems as a means of improving employability and mobility of workers, through a system where occupational competences, required by the Labour Market, described in terms of Learning Outcomes that can be assessed and validated in all different contexts (formal, non formal and informal) developed following quality standards, will be abreast with changes and innovations of the global context requirements, in order to respond to those shortcomings that limit the potential growth of countries with serious implications for the participation in global markets, job growth, economical and social stability.
Leveraging Trust to Support Online Learning Creativity – A Case Study (eLearning Papers)
The insights shared through this article build on data collected in real life situations. The work described here attempts to understand how trust can be used as leverage to support online learning and creative collaboration. This report explores this understanding from the teacher perspective. It examines trust commitments in an international setting within which learners from different European countries collaborate and articulate their learning tasks and skills at a distance. This research endeavour aims to recognize both individual and group vulnerabilities as opportunities to strengthen their cooperation and collaboration. We believe that by understanding how to assess and monitor learners’ trust, teachers could use this information to intervene and provide positive support, thereby promoting and reinforcing learners’ autonomy and their motivation to creatively engage in their learning activities.
The results gathered so far enabled an initial understanding of what to look for when monitoring trust with the intention of understanding and influencing learners’ behaviours. They point to three main aspects to monitor on students: (1) their perception of each others’ intentions, in a given context, (2) their level of cooperation as expressed by changes in individual and group commitments towards a particular activity; and, (3) their attitudes towards the use of communication mediums for learning purposes (intentions of use, actual use and reactions to actual use).
Innovating Teaching and Learning Practices: Key Elements for Developing Crea...eLearning Papers
This paper looks at how to innovate teaching and learning practices at system level. It describes the vision for ‘Creative Classrooms’ and makes a consolidated proposal for their implementation, clarifying their holistic and systemic nature, their intended learning outcomes, and their pedagogical, technological, and organisational dimensions for innovation. ‘Creative Classrooms’ (CCR) are conceptualized as innovative learning environments that fully embed the potential of ICT to innovate learning and teaching practices in formal, non-formal and informal settings.
The proposed multi-dimensional concept for CCR consists of eight encompassing and interconnected key dimensions and a set of 28 reference parameters (‘building blocks’). At the heart of the CCR concept lie innovative pedagogical practices that emerge when teachers use ICT in their efforts to organize newer and improved forms of open-ended, collaborative, and meaningful learning activities, rather than simply to enhance traditional pedagogies, such as expository lessons and task-based learning.
A preliminary analysis of two existing cases of ICT-enabled innovation for learning is presented in order to show (i) how the proposed key dimensions and reference parameters are implemented in real-life settings to configure profoundly diverse types of CCR and (ii) to depict the systemic approach needed for the sustainable implementation and progressive up-scaling of Creative Classrooms across Europe.
Website – A Partnership between Parents, Students and SchoolseLearning Papers
The website developed by the 1.b class at the Augusta Šenoa elementary school is, first and foremost, a pioneering work stemming from cooperation among teachers and parents. The purpose of the website is to inform, activate, and involve parents, students and teachers who work in the classroom. Each activity is documented, giving insight into the everyday activities, and making the classroom visible and transparent to everyone. The project uses new technology (forum, gallery of student work, class mail), and enlists a partnership of parents, who made parts of the website.
Academic Staff Development in the Area of Technology Enhanced Learning in UK ...eLearning Papers
This paper reports on a study on staff development in the area of technology enhanced learning in UK Higher Education Institutions (HEIs) that took place in November, 2011. Data for this study were gathered via an online survey emailed to the Heads of e-Learning Forum (HeLF) which is a network comprised of one senior staff member per UK institution, leading the enhancement of learning and teaching through the use of technology. Prior to the survey, desk-based research on some universities’ publicly available websites gathered similar information about staff development in the area of technology enhanced learning. The online survey received 27 responses, approaching a quarter of all UK HEIs subscribed to the Heads of e-Learning forum list (118 is the total number). Both pre-1992 (16 in number) and post-1992 Universities (11 in number) were represented in the survey and findings indicate the way this sample of UK HEIs are approaching staff development in the area of TEL.
The Ageing Brain: Neuroplasticity and Lifelong LearningeLearning Papers
The role of adult education is becoming increasingly important in the framework of policies to promote lifelong learning. Adult participation in training activities, however, is still rather low, despite the incentives and initiatives aimed at allowing all citizens access
to education and training at all ages in their lives.
Participation tends to decrease concomitantly with increasing age: the major difficulty that elderly people have in learning is due to a deterioration of brain function, causing a progressive weakening of concentration, memory and mental flexibility. Today, advanced
researches in neuroscience show that brain ageing may be reversible: the brain
is plastic in all stages of life, and its maps can restructure themselves through learning experiences.
Checklist for a Didactically Sound Design of eLearning ContenteLearning Papers
The design of elearning content requires several areas of educational psychology to be
integrated. In order to enhance the design process, checklists can be used as a means of formative evaluation. We present a checklist for the design and formative evaluation of elearning modules.
It covers the content, segmenting, sequencing and navigation, adaptation to target audience,
design of text and graphics, learning tasks and feedback, and motivation. In the context of a project on designing elearning modules on renewable energies, this
checklist was successfully used for providing formative feedback to the developers.
The International Student and the Challenges of Lifelong LearningeLearning Papers
Although few people would oppose the view that lifelong learning is intended to be a positive experience, it should be borne in mind that an ageing student body might require the development of additional tools and skills for the online educator.
In this short paper we present two cases of challenges faced by international learners who brought with them into the learning environment some issues that were the product, not only of the age of the learner in question, but also of the geographical environment
in which they studied. The names of the learners have been changed.
Fostering Older People’s Digital Inclusion to Promote Active AgeingeLearning Papers
Within the framework of the European Year for Active Ageing and Solidarity between Generations, ECDL Foundation will partner with AGE Platform Europe to promote older people’s digital inclusion.
This collaboration involves the launch of an updated ICT training programme adapted to older people’s needs: a revised version of the ECDL Foundation’s accessible ICT training programme, EqualSkills.
eLearning and Social Networking in Mentoring Processes to Support Active AgeingeLearning Papers
Mentoring is a human resources development process often used to induct, introduce and guide staff into places of employment.
Training people on the job or using elderly people as mentors can be organised to address aspects like skill shortage in organisations, recruiting and retaining personal with the necessary knowledge and active involvement of older people. In this paper we present some aspects of mentoring, particularly the ICT support of such process and
give examples.
Delivering Micro-Credentials in Technical and Vocational Education and TrainingAG2 Design
Explore how micro-credentials are transforming Technical and Vocational Education and Training (TVET) with this comprehensive slide deck. Discover what micro-credentials are, their importance in TVET, the advantages they offer, and the insights from industry experts. Additionally, learn about the top software applications available for creating and managing micro-credentials. This presentation also includes valuable resources and a discussion on the future of these specialised certifications.
For more detailed information on delivering micro-credentials in TVET, visit this https://tvettrainer.com/delivering-micro-credentials-in-tvet/
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
How to Add Chatter in the odoo 17 ERP ModuleCeline George
In Odoo, the chatter is like a chat tool that helps you work together on records. You can leave notes and track things, making it easier to talk with your team and partners. Inside chatter, all communication history, activity, and changes will be displayed.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
This presentation includes basic of PCOS their pathology and treatment and also Ayurveda correlation of PCOS and Ayurvedic line of treatment mentioned in classics.
Safalta Digital marketing institute in Noida, provide complete applications that encompass a huge range of virtual advertising and marketing additives, which includes search engine optimization, virtual communication advertising, pay-per-click on marketing, content material advertising, internet analytics, and greater. These university courses are designed for students who possess a comprehensive understanding of virtual marketing strategies and attributes.Safalta Digital Marketing Institute in Noida is a first choice for young individuals or students who are looking to start their careers in the field of digital advertising. The institute gives specialized courses designed and certification.
for beginners, providing thorough training in areas such as SEO, digital communication marketing, and PPC training in Noida. After finishing the program, students receive the certifications recognised by top different universitie, setting a strong foundation for a successful career in digital marketing.
Thinking of getting a dog? Be aware that breeds like Pit Bulls, Rottweilers, and German Shepherds can be loyal and dangerous. Proper training and socialization are crucial to preventing aggressive behaviors. Ensure safety by understanding their needs and always supervising interactions. Stay safe, and enjoy your furry friends!
In-depth
Phishing Attacks: A Challenge Ahead
eLearning Papers • ISSN: 1887-1542 • www.elearningpapers.eu • n.º 28 • April 2012

Author
Sandeep K. Sood
Head & Associate Professor, G.N.D.U. Regional Campus, India
san1198@gmail.com

Tags
password authentication, phishing, browser indicators, cookies, dynamic identity

Password-based authentication is used in online web applications due to its simplicity and convenience. Efficient password-based authentication schemes are required to authenticate the legitimacy of remote users, or data origin over an insecure communication channel. Password-based authentication schemes are highly susceptible to phishing attacks.

Phishing attacks are becoming more and more sophisticated and therefore require strong countermeasures, a task complicated by their elusive nature; phishing sites cause damage in a short time span, going online and vanishing. This type of attack is causing direct damage to the financial industry and is also affecting the expansion of e-commerce. Thus, financial transactions in web applications require highly secure authentication protocols and need countermeasures against phishing in order to make online transactions reliable and secure.

In this paper, we present a survey of different anti-phishing techniques based on several crucial criteria. This study will help in developing different password-based anti-phishing authentication techniques for web applications.

1. Introduction

Authentication is reliably identifying an entity. It is the most important defence in the security of a system. Active hackers, dictionary attacks, phishing scams and other malicious threats have brought great challenges and potential threats to online transactions. Authentication is essential because the number of online transactions is increasing exponentially on the web. The most common verification technique is to check whether the claimant possesses some information or characteristics that a genuine entity should possess. The authentication process gets complicated when text, visual or audio clues are not available to verify the identity. Authentication protocols are capable of simply authenticating the user to the connecting party and vice-versa. The current technologies used in authentication are password, smart card, passphrase, biometrics, public key cryptography, zero knowledge proof, digital signature, SSL/TLS (Secure Socket Layer/Transport Layer Security), IPsec (IP Security) and secure shell. The selection of an authentication method appropriate to the environment is one of the most crucial decisions in designing secure systems.

Phishing is an online identity theft that combines social engineering and website spoofing techniques to cheat the user by redirecting his confidential information to an untrusted destination. The attacker can use this information in online transactions to make an illegal economic profit. In a phishing attack, the attacker sends a large number of spoofed e-mails to random Internet users that appear to be coming from a legitimate business organization such as a bank. The e-mail requests the recipient to update his personal information and also warns that failure to reply to the request will result in closure of his online banking account. The victim follows the phishing link provided in the e-mail and is directed to a website that
is under the control of the attacker. The average user cannot distinguish a well designed phishing website from the legitimate site because the phishing site is prepared in a manner that imitates visual characteristics of the target organization's website by using similar colors, icons, logos and textual descriptions. Password based authentication is highly susceptible to phishing attacks that exploit the visual resemblance of domain names to lure the victims (e.g. www.paypai.com instead of the actual www.paypal.com). Phishing attacks are increasing despite the use of preventive measures like e-mail filters and content analysis. The effectiveness of these anti-spam techniques depends upon many critical factors such as regular filter training. There is still a possibility that some of the phishing e-mails manage to get through the filters and reach the potential victims. Phishing attacks are becoming more and more sophisticated and therefore require strong countermeasures. It is important to detect the phishing sites early because most of them are short-lived and cause the damage in the short time span between appearing online and vanishing. Phishing is doing direct damage to the financial industry and is also affecting the expansion of e-commerce.

One of the solutions to counter phishing is to equip browsers with security indicators such as the use of https in the URL bar, the locked icon, the public key certificate and security warnings. The main reason for the success of phishing attacks is that average users do not constantly notice the presence of security indicators and do not know how to interpret them. A solution is required in which the user does not need to interpret the browser based security indicators.

Phishing attacks are so powerful that many suggested countermeasures are not very effective. Naive users are easy targets of phishing attacks. Pharming accomplishes the same thing as phishing by using Domain Name Server (DNS) spoofing but without spam e-mail. Here the adversary plants false code on the DNS itself by a DNS spoofing attack. Hence anyone entering the correct web site address will be directed by the DNS to a fake site.

This paper is organized as follows. In the next section, we explore the literature on existing anti-phishing protocols. Then the paper discusses the various anti-phishing password protocols in terms of security, cost and performance. We present future research directions and finally we conclude the paper.

2. Literature Review

To mitigate the risk of phishing attacks, defense mechanisms have been deployed at both the client and the server sides. These solutions include the digitally signed e-mail (S/MIME), anti-phishing plug-ins for browsers like SpoofGuard [1], Kirda and Kruegel's measures [2], blacklist integration into the Internet Explorer browser [3], Google safe browsing [4] and Mozilla phishing protection [5].

In 1999, RFC 2617 [6] proposed a Digest Access Authentication scheme that uses a password digest to authenticate a user. In 2004, Herzberg and Gbara [7] constructed a TrustBar that associates the logo with the public key certificate of the visited site. In 2004, the SecurID [8] scheme was suggested that uses a one-time password for authentication and has been deployed in a number of financial organizations. In 2005, the PwdHash [9] scheme was suggested that authenticates a user with a one-way hash [10] on <password, domain name> instead of the password only so as to defeat the visual similarity of the domain name. This technique creates a domain specific password that becomes useless if it is submitted to another domain. However, PwdHash is susceptible to offline dictionary attack and ineffective against a pharming or DNS spoofing attack where the attacker presents the correct domain name to the browser but redirects the user's request to its own server. In 2005, the Synchronized Random Dynamic (SRD) [11] scheme was suggested that has an internal reference window, whose color changes randomly and sets up the boundary of the browser window with different colors according to certain rules. This scheme is impractical for hand held devices and is also ineffective if the attacker creates a bogus reference window to overlap the original reference window. In 2005, Dhamija and Tygar [12] proposed a technique that uses Dynamic Security Skin (DSS) on the user's browser. It creates a dedicated window containing a specific image shared between the user and the server for inputting user name and password so as to defeat a bogus window. In 2005, the SpoofGuard [1] technique was suggested that examines the domain name, images and links on the web pages and raises an alarm to the users if the site has a high probability of being a phishing site. In 2005, Adelsbach et al. [13] combined different concepts of an adaptive web browser toolbar that summarizes all relevant information and allows the user to get the required crucial information at a glance. This toolbar is a local component of the user's system on the client side and hence a remote attacker cannot access it by means of active web languages. The main disadvantage of this toolbar scheme is that the user has to recognize his personal image at each login.
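The domain binding that PwdHash relies on can be seen in a few lines. The following is an added illustration, not code from the article or from the PwdHash project: HMAC-SHA256 stands in for the one-way hash, the whole host name is hashed, and the `Site` class, the sample secret and the PBKDF2 work factor are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

PBKDF2_ROUNDS = 200_000  # assumption: work factor picked for this example


def site_domain(url):
    """Host name the browser would contact, lower-cased."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("URL has no host: %r" % url)
    return host.rstrip(".")


def _encode(digest, length):
    return base64.urlsafe_b64encode(digest).decode("ascii")[:length]


def domain_password(master_password, url, length=16):
    """One-way hash over <password, domain name> (HMAC-SHA256 here)."""
    digest = hmac.new(master_password.encode("utf-8"),
                      site_domain(url).encode("utf-8"),
                      hashlib.sha256).digest()
    return _encode(digest, length)


def stretched_domain_password(master_password, url, length=16):
    """Same binding through PBKDF2: every offline guess now costs
    PBKDF2_ROUNDS hash calls instead of one."""
    digest = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                                 site_domain(url).encode("utf-8"),
                                 PBKDF2_ROUNDS)
    return _encode(digest, length)


class Site:
    """Toy relying site that stores only a hash of the submitted password."""

    def __init__(self):
        self._stored = None

    def register(self, submitted):
        self._stored = hashlib.sha256(submitted.encode("utf-8")).digest()

    def login(self, submitted):
        candidate = hashlib.sha256(submitted.encode("utf-8")).digest()
        return (self._stored is not None
                and hmac.compare_digest(candidate, self._stored))


def demo():
    master = "correct horse 42"                  # constructed sample secret
    real = "https://www.paypal.com/signin"
    lookalike = "https://www.paypai.com/signin"  # look-alike named in the text

    site = Site()
    site.register(domain_password(master, real))

    # What the look-alike site receives when the user types the same secret.
    captured = domain_password(master, lookalike)
    return {
        "legit_login": site.login(domain_password(master, real)),
        "captured_replayed": site.login(captured),
        "raw_password_replayed": site.login(master),
        # Only the name is hashed, so a spoofed DNS answer for the correct
        # name still receives the valid value (the pharming limitation).
        "same_name_same_value": domain_password(master, real)
        == domain_password(master, "https://WWW.PAYPAL.COM/other"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The value captured by the look-alike domain fails at the real site, while the last entry shows why the binding does nothing against pharming: the derivation sees only the name, never the server that answered for it.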
In 2006, Wu et al. [14] found that 13-54 % of the users visited the phishing websites, despite the warnings from anti-phishing toolbars. Several browser toolbars like SpoofGuard and TrustBar have been proposed to find a pattern in phishing websites and alert the user if the given site matches the pattern. In 2006, Juels et al. [15] suggested the use of cache cookies for user identification and authentication, which use the browser cache files to identify the browser. These cookies are easy to deploy because they do not require installation of any software on the client side. Then they extended the concept to an active cookie scheme, which stores the user's identification and a fixed IP address of the server. During the client's visits to the server, the server will redirect the client request to the fixed IP address so as to defeat phishing and pharming attacks. SiteKey has been deployed by the Bank of America [16] and Yahoo's sign-in seal [17] to prevent a phishing attack. Initially, it recognizes the client's browser by a previously installed cookie and then requests the user to enter his user name. After successful authentication, a user specific image is displayed on the browser. Finally, the user submits his password after recognizing the image displayed on the browser to authenticate itself. In 2006, Automatic Detecting Security Indicator (ADSI) [18] was proposed as an enhancement of the toolbar scheme that generates a random picture and embeds it into the existing web browser. It can be triggered by any security related event occurring on the browser and then performs automatic checking on the current active security status. In case a mismatch in embedded images is detected, an alarm goes off to alert the users. ADSI cannot prevent man-in-the-middle and phishing attacks with a self signed certificate.

In 2007, Ludl et al. [19] analyzed legitimate and phishing websites to define the metrics that can be used to detect a phishing site. In 2007, Microsoft deployed Sender ID [20] and Yahoo deployed DomainKeys [17] protocols to detect the phishing e-mails. In 2007, Karlof et al. [21] proposed the cookies based Locked Same Origin Policy (LSOP) that enforces access control for the SSL web objects based on the server's public key. In 2007, Microsoft integrated the blacklisted phishing domains into the web browser so that the browser refuses to visit these phishing websites. In 2007, Google Safe Browsing uses a blacklist of phishing URLs to find out a phishing site. This technique cannot recognize those phishing sites which are not present in the blacklist maintained by the server. This approach can prevent a phishing attack if the fraudulent sites are discovered and listed quickly. A study carried out by Microsoft in 2007 reported that Microsoft's blacklist is superior to Google's blacklist. Another study initiated by Mozilla drew the opposite conclusion in favor of Google. In 2007, Zhang et al. [22] performed a similar study that tested the detection rates of different blacklist based anti-phishing solutions. Their dataset includes 100 phishing URLs collected over a period of three days in November 2006. They analyzed ten toolbars experimentally and reported that the only toolbar consistently identifying more than 90 % of phishing URLs also classified 42 % of legitimate URLs incorrectly as phishing. VeriSign [23] is providing a commercial anti-phishing service. The company is crawling millions of web pages to spot clones in order to identify phishing websites. In 2007, Adida [24] suggested a FragToken scheme that uses the URL portion as an authenticator and accordingly changes the response for authentication. FragToken is only useful in a low security environment like a blog because it is vulnerable to man-in-the-middle attack.

In 2007, Gouda et al. [25] proposed an anti-phishing single password protocol that allows the user to choose a single password of his choice for multiple online accounts on the web. In 2008, Yongdong et al. [26] proposed an SSO anti-phishing technique based on an encrypted cookie that defeats phishing and pharming attacks. They mentioned different reasons for web spoofing like self signed certificates or insertion of a spoofed image representing a security indicator where one does not exist. Most of the users cannot distinguish the spoofed browser's security indicators from actual security indicators such as the public key certificate, URL bar and locked icon. It encrypts the sensitive data with the server's public key and stores this cookie on the user's computer. This Encrypted Cookie Scheme (ECS) has the advantage that the user can ignore the SSL indicator in the online transaction procedure.

NetCraft Tool Bar [27] is based on a risk rating system. Risk is computed based on the age of the domain. This technique uses the database of phishing sites and hence might not recognize new phishing sites successfully. SpoofStick [28] provides basic domain information. It will show that you are on paypal.com when you are on the paypal site or will display that you are on the IP address of the spoofed site. It is not efficient against spoofed sites opened in multiple frames. McAfee SiteAdvisor [29] protects the users from spyware and ad-ware attacks. It uses a crawler to create a large database of malware and test results on them to provide a rating for a site. This technique will not be able to find new phishing sites. The ebay Tool Bar [30] solution is based on "Account Guard" that changes color if the user is on a spoofed site and is specifically designed for ebay and paypal websites.
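The blacklist gap described above (a site that is not yet listed is not flagged) and the domain information that SpoofStick surfaces can be combined in a small client-side check. This is an added illustration, not the algorithm of any toolbar named in the article; the protected list, the blacklist entry, the distance threshold and the naive "last two labels" rule are assumptions, and the URLs are constructed samples.

```python
import ipaddress
from urllib.parse import urlsplit

PROTECTED = ("paypal.com", "ebay.com")   # assumption: brands being protected
BLACKLIST = {"secure-update.example"}    # constructed blacklist entry


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def base_domain(host):
    """Last two labels of the host. Naive: a production tool would use the
    Public Suffix List to find the registrable domain."""
    return ".".join(host.split(".")[-2:])


def classify(url, max_distance=2):
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "invalid"
    try:
        ipaddress.ip_address(host)
        return "ip-literal"          # site addressed by a bare IP address
    except ValueError:
        pass

    domain = base_domain(host)
    if domain in PROTECTED:
        return "trusted"
    if domain in BLACKLIST:
        return "blacklisted"

    labels = host.split(".")
    for brand in PROTECTED:
        # Near miss of a protected name, e.g. one substituted letter.
        if 0 < edit_distance(domain, brand) <= max_distance:
            return "lookalike:" + brand
        # Brand used as a sub-domain label of an unrelated domain.
        if brand.split(".")[0] in labels[:-2]:
            return "brand-in-subdomain:" + brand
    return "unlisted"


SAMPLES = [  # constructed URLs
    "https://www.paypal.com/signin",
    "http://www.paypai.com/signin",
    "http://192.0.2.10/paypal/login",
    "http://secure-update.example/",
    "http://paypal.com.account-check.example/",
    "https://www.example.org/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), sample)
```

The look-alike host from the introduction is flagged although it is absent from the blacklist, which is the case a list-only check misses; the distance threshold trades missed look-alikes against false alarms on short, legitimately similar names.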
3. Discussion

Security Requirements

Password is the most commonly used technique to authenticate the users on the web. Short and easily memorable passwords are susceptible to attacks on insecure communication channels like the Internet. On the other hand, the users find it difficult to remember long and complex passwords. A common practice adopted by the users is to choose a single strong password and use it for multiple accounts, instead of choosing a unique password for each account [31]. The attacker can learn the password of a user from a less secure site and reuse it to compromise a secure site. An insider or a person close to the user has the maximum ability to steal the user's password because most of the passwords chosen by users are limited to the user's personal domain. Therefore, the password based authentication schemes are vulnerable to phishing, dictionary, man-in-the-middle and insider attacks. Hacking and identity thefts are the two main concerns in password based authentication protocols. Phishing attacks are also increasing significantly in online transactions. Information Technology (IT) companies such as Microsoft, Google, America On Line (AOL) and Opera have recently started announcing browser integrated blacklist based anti-phishing solutions. A solution is required to list the new phishing sites in the blacklist database quickly, otherwise they will do the damage before being included in the blacklist database. Researchers are putting efforts into developing better password based authentication protocols that should achieve the required goals and satisfy security requirements to withstand all possible attack scenarios.

In 2006, Wu et al. [32] gave different reasons for web spoofing like placing a spoofed image with a security indicator even though it does not exist and self signed certificates. Most users find it difficult to interpret browser security indicators and clues such as the URL bar, locked icon, certificate dialogs and security warnings correctly.

Google Safe Browsing uses a blacklist of phishing URLs to find out a phishing site. This technique cannot recognize those phishing sites which are not present in the blacklist maintained by the server. NetCraft Tool Bar is based on a risk rating system. Risk is computed based on the age of the domain. This technique uses the database of phishing sites and hence might not recognize new phishing sites successfully. SpoofStick provides basic domain information. It will show that you are on paypal.com when you are on the paypal site or will display that you are on the IP address of the spoofed site. It is not an efficient technique against spoofed sites opened in multiple frames. McAfee SiteAdvisor protects the users from spyware and ad-ware attacks. It uses a crawler to create a large database of malware and test results on them to provide a rating for a site. This technique will not be able to find new phishing sites. The ebay Tool Bar solution is based on "Account Guard" that changes color if the user is on a spoofed site and is specifically designed for ebay and paypal web sites.

Countermeasures to online dictionary attacks are provided by Pinkas and Sander [33]. Several techniques are available to withstand dictionary attacks. Most of the existing password based authentication schemes are vulnerable to different attacks (e.g. dictionary, phishing, man-in-the-middle) and hence are not able to serve as an ideal password authentication scheme. The development of Internet and web technologies for online applications such as e-commerce and e-government is increasing at an exponential rate. Once the server authenticates the user's input, the web server sends the confidential page to the user's browser window. The user's password sent to a server for authentication is subject to phishing attacks. The user may have disclosed sensitive data to an adversary during a visit to a fake or unreliable server. Security requirements for a password based authentication protocol require resistance against different attacks such as phishing, dictionary, man-in-the-middle, denial of service, impersonation, forward secrecy, server spoofing, replay, smart card loss, stolen-verifier and parallel session, and the protocol should achieve mutual authentication.

Goals

Most users find it difficult to understand security indicators. Researchers are working on effective browser integrated blacklist based solutions and other different techniques to thwart phishing attacks. An adversary can masquerade as a legal user by stealing the user's identity and password stored in plain text from the password table stored on the remote server. Hashed or encrypted passwords can solve this problem. Lamport [34] proposed a one-time password with a one-way hash function that was secure against replay attacks. Password reuse rates increase because people accumulate more accounts but do not create more passwords. Researchers have conducted experimental studies of password use and concluded that people are inclined to pick passwords that represent themselves. Personalized passwords such as phone numbers, vehicle number, pet's name or a social security number can be cracked given a large enough number of dictionary tries. Gaw et al. [35] give tips and rules for creating
strong passwords: use of both uppercase and lowercase letters, at least six characters, avoid common literary names, mix up two or more separate words, create an acronym from an uncommon phrase, avoid passwords that contain login identity, use of numbers, dropping of letters from a familiar phrase, deliberate misspelling and use of punctuation in the password. The average user finds it difficult to remember complex passwords. Moreover, most of the users lack motivation and do not understand the need of password security policies. An ideal password authentication scheme should not store the verification table directly on the server, should allow the user to change the password freely, should not reveal the password to the server, should not transmit the password in clear text, should use passwords appropriate for memorization, should allow unauthorized logins to be detected quickly, and should remain secure even if the secret key of the server is leaked out or stolen.

Table 1 gives the cost and functionality comparison among recent anti-phishing protocols. Table 2 gives the statistics of organization based phishing sites. Table 3 gives the attacks and countermeasures. Table 4 gives the domains, country domains and phishing count.
| Web based password protocols | Need of checking browser indicators | Need of checking URL | Need of checking GUI | Need of installing additional software | Security ignorant users | Dictionary attack |
|---|---|---|---|---|---|---|
| SSL [36] | Yes | No | No | No | No | Yes |
| Digest Access [6] | Yes | Yes | No | No | No | Yes |
| PwdHash [9] | Yes | No | No | Yes | No | Yes |
| SRD [11] | Yes | No | Yes | Yes | No | Yes |
| DSS [12] | Yes | Yes | Yes | Yes | No | Yes |
| SpoofGuard [1] | Yes | Yes | No | Yes | No | Yes |
| LSOP [21] | Yes | Yes | Yes | Yes | No | Yes |
| Cache cookies [15] | Yes | No | Yes | No | No | Yes |
| SPP [25] | Yes | Yes | No | Yes | No | Yes |

Table 1: Cost and functionality comparison among different anti-phishing protocols

| Organization | Phishing sites | Success rate (%) |
|---|---|---|
| ebay | 231 | 14.8 |
| paypal | 211 | 7.6 |
| Bank of America | 28 | 2 |
| HSBC | 7 | 0 |
| amazon | 4 | 4 |

Table 2: Organization based phishing sites

| Attacks | Measures |
|---|---|
| Malware | Firewall, Anti-virus, Anti-keylogger & IDS |
| Phishing e-mail | Digitally signed e-mail, Bank e-mail |
| Bogus web sites | Trusted path browser, Browser indicator, Dynamic security skin |
| Identity theft | Smart card, Dynamic identity |

Table 3: Phishing attacks and their countermeasures

| Domain | Phishing count | Country domain | Phishing count |
|---|---|---|---|
| .com | 12275 | .in | 252 |
| .biz | 353 | .us | 334 |
| .net | 2305 | .uk | 1584 |
| .org | 1425 | .hk | 2278 |

Table 4: Domain, country domain and phishing count
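The one-time password idea attributed to Lamport (34) under Goals can be sketched as a hash chain; this is an added example, not code from the paper. SHA-256, the class and function names, the chain length and the sample secret are assumptions of this sketch.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """One-way function; SHA-256 is this example's choice, not the paper's."""
    return hashlib.sha256(data).digest()


def chain(secret: bytes, times: int) -> bytes:
    """Apply h to the secret `times` times, giving h^times(secret)."""
    value = secret
    for _ in range(times):
        value = h(value)
    return value


class Server:
    """Holds only the last accepted chain value, never the password itself."""

    def __init__(self, initial_verifier: bytes):
        self.verifier = initial_verifier      # h^n(secret) set at registration

    def login(self, otp: bytes) -> bool:
        # Accept only a value whose hash equals the stored verifier.
        if not hmac.compare_digest(h(otp), self.verifier):
            return False
        self.verifier = otp                   # the next login needs its preimage
        return True


class Client:
    def __init__(self, secret: bytes, n: int):
        self.secret = secret
        self.counter = n                      # chain index the server holds

    def next_otp(self) -> bytes:
        # Stop before h^0, which would be the raw secret itself.
        if self.counter <= 1:
            raise RuntimeError("chain exhausted: register a new secret")
        self.counter -= 1
        return chain(self.secret, self.counter)


def demo():
    secret, n = b"constructed-sample-password", 5   # constructed values
    client = Client(secret, n)
    server = Server(chain(secret, n))

    otp1 = client.next_otp()
    first = server.login(otp1)                # fresh one-time password
    replay = server.login(otp1)               # captured value sent again
    second = server.login(client.next_otp())  # next value in the chain
    # A stolen verifier is the hash of the next OTP, so it does not log in.
    stolen = server.login(server.verifier)
    return first, replay, second, stolen


if __name__ == "__main__":
    print(demo())
```

The server's table entry changes after every successful login, which is why a replayed value and a stolen verifier are both rejected.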
4. Future Directions

1. Potential scope of research work contains the important issues identified as the dynamic identity management, multi level password verification and two layers based password concept so that efficient password authentication schemes can be designed which satisfy all the security requirements and achieve the goals of an ideal password authentication scheme. An ideal password authentication scheme should have protection from eavesdropping, denial of service, impersonation, parallel session, password guessing, replay, stolen smart card, stolen verifier, man-in-the-middle, malicious user, malicious server, phishing, pharming and other feasible attacks relevant to that protocol and should achieve mutual authentication.

2. One of the reasons for the success of phishing and dictionary attacks is the high rate of password reuse because users tend to use the same password with more and more accounts. Users find it difficult to remember several complex passwords and hence it is difficult to prevent phishing and dictionary attacks. One of the thrust and major areas of research is to find technical solutions for online password management without significantly changing the user's behavior.

3. Researchers have proposed different anti-phishing techniques based on the web browser security indicators. The main reason for the success of phishing attacks is that users do not constantly notice the presence of a security indicator or find it difficult to understand the meaning of these browser based security indicators. Therefore, the web browser must provide an easy to use interface for the users and minimize the efforts in checking the browser based security indicators. A solution is required in which the user does not have the need of interpreting the browser based security indicators.

4. Researchers have proposed an anti-phishing solution based on integration of blacklist into the web browsers. Therefore, effective techniques must be devised to check whether a web page is legitimate or a phishing page. It is not easy to provide a mechanism to prevent the users from visiting a phishing site. It is important to detect phishing pages early because most of them are short lived and do the damage in the time span between appearing online and vanishing.

5. Different solutions to thwart online dictionary attacks in authentication protocols have been suggested. These solutions include Reverse Turing Tests (RTT), single password to different accounts, virtual password generation, two layers based password verification and password based authentication using multi-server environment. Most of the suggested solutions are vulnerable to dictionary attacks; even the most commonly used RTT is vulnerable to RTT relay attack. More effective and efficient techniques are required to thwart online dictionary attacks.

6. The role of cookies can be enhanced in virtual password authentication protocols to preserve the advantages of basic password authentication while simultaneously increasing the efforts required for online dictionary attacks. The legitimate client can easily authenticate itself to the web server from any computer irrespective of whether that computer contains a cookie or not. However, the computational effort required from the attacker during login on to the web server increases with each login failure. Therefore, even automated programs cannot launch online dictionary attacks on the proposed protocol.

7. Single-Sign-On (SSO) provides an environment in which clients sign in once and are able to access the services offered by different servers under the same administrative control. However, the user's password verification information stored on the single centralized server is a main point of susceptibility and remains an attractive target for the attacker. Therefore, the concept of SSO password based two-server architecture that uses the two-server paradigm so that password verification information is distributed between two servers (an authentication server and a control server) is more resistant to dictionary attacks as compared to existing single-server password based SSO authentication protocols.

8. Smart card based password authentication is one of the most convenient ways to provide multi-factor authentication for the user by acquiring the smart card and knowing the identity and password. They are used in financial transactions and therefore require secure authentication protocols with high computational and communication efficiency. The protocol designer should also take memory requirement, number of rounds and time complexity into consideration.
9. A number of static identity based remote user authentication schemes have been proposed to improve security, efficiency and cost. The static identity leaks out partial information about the user's authentication messages to the attacker. On the other hand, the dynamic identity based authentication schemes preserve the user's anonymity. The dynamic identity is computed from the user specific parameters and is different for the same user in each new session of the protocol. Therefore, the dynamic identity based authentication schemes are more suitable to e-commerce applications.

10. In e-commerce, the number of servers providing the services to the user is usually more than one and hence secure authentication protocols for multi-server environment are required. The concept of multi-server authentication helps to distribute the user's verifier information among different servers. Therefore, the multi-server architecture based authentication protocols make it difficult for the attacker to find out any significant authentication information related to the legitimate users. The issue of remote login authentication with smart card in single server environment has already been solved by a variety of schemes. These conventional single-server password authentication protocols cannot be directly applied to multi-server environment because each user needs to remember different sets of identities and passwords. Researchers are working in this direction to develop secure and efficient remote user smart card based authentication protocols for multi-server environment.

7. Conclusion

Corporate network and e-commerce applications require secure and practical remote user authentication solutions. Password based authentication protocols are mainly susceptible to dictionary and phishing attacks. Instances of phishing attacks are rapidly growing in number. This is sufficient to shake the confidence of the customers in e-commerce. Naive users find it difficult to understand the security indicators of the web browser. Authenticating the user on the web is an essential primitive and is the target of various attacks. In this study, we analyzed currently available password authentication schemes over insecure communication channels. Techniques should be devised that help naive users to identify phishing web sites quickly. That type of protocol can be easily integrated into different types of services such as banking and enterprise applications. Cookies are a good means to provide weak authentication. SSO authentication is time efficient because it allows the user to enter his identity and password once within a specific time period to login on to multiple hosts and applications within an organization. The concept of two-tier authentication for the client makes it difficult for an attacker to guess the information pertaining to password and ticket. Smart card based password authentication is one of the most convenient ways to provide multi-factor authentication for the communication between a client and a server. User's privacy is an important issue in e-commerce applications. Dynamic identity based authentication schemes aim to provide privacy to the user's identity so that users are anonymous in the communication channel. A transaction authorization method based on out of band channels like SMS messages was introduced by banks to thwart dictionary and phishing attacks but it requires two separate communication channels. The concept of virtual password authentication protocol changes the password in each login attempt corresponding to the same client. In future, more computation and communication efficient password authentication schemes should be developed which can resist different attacks in a better way. In this paper, a brief review of the literature on the research topic has been carried out. The scope of the research work has been outlined and the future directions have been listed.
References

1. Stanford, SpoofGuard Home Page, “http://crypto.stanford.edu/SpoofGuard/.”, Accessed: February 11, 2011.
2. Kirda E. and Kruegel C., “Protecting Users Against Phishing Attacks,” Computer Journal, vol. 49, no. 5, pp. 554-561, January 2006.
3. Phishing Filter, Microsoft Phishing Filter FAQ, “https://phishingfilter.microsoft.com/faq.aspx/.”, Accessed: January 4, 2011.
4. Google Safe Browsing, “http://www.google.com/tools/firefox/safebrowsing/.”, Accessed: January 8, 2011.
5. Mozilla Firefox Phishing Protection, “http://en.www.mozilla.com/en/firefox/phishing-protection/.”, Accessed: December 3, 2010.
6. RFC 2617, “HTTP Authentication: Basic and Digest Access Authentication,” June 1999.
7. Herzberg A. and Gbara A., “TrustBar: Protecting (Even) Naive Users from Spoofing and Phishing Attacks,” Cryptology e-print Archive, Report 2004/155, February 2004.
8. RSA, “RSA Security: Protecting Against Phishing by Implementing Strong Two-factor Authentication, https://www.rsasecurity.com/securid/PHISH_WP_0904.pdf,” June 2004.
9. Ross B., Jackson C., Miyake N., Boneh D. and Mitchell J.C., “A Browser Plug-in Solution to the Unique Password Problem,” Technical Report, Stanford-SecLab, June 2005.
10. Pramstaller N., Lamberger M. and Rijmen V., “Second Preimages for Iterated Hash Functions and Their Implications on MACs,” Proc. of the 12th Australasian Conference on Information Security and Privacy, ACISP 2007, Springer-Verlag, LNCS, vol. 4586, pp. 68-81, July 2007.
11. Ye E.Z. and Smith S., “Trusted Paths For Browsers,” ACM Transactions on Information and System Security, vol. 8, no. 2, pp. 153-186, August 2005.
12. Dhamija R. and Tygar J.D., “The Battle Against Phishing: Dynamic Security Skins,” Symposium on Usable Privacy and Security (SOUPS), pp. 77-88, May 2005.
13. Adelsbach A., Gajek S. and Schwenk J., “Visual Spoofing of SSL Protected Web Sites and Effective Countermeasures,” Information Security Practice and Experience, Springer-Verlag, LNCS, vol. 3469, pp. 204-216, September 2005.
14. Wu M., Miller R.C. and Garfinkel S., “Do Security Toolbars Actually Prevent Phishing Attacks,” Proc. of ACM Computer/Human Interaction (CHI), pp. 601-610, April 2006.
15. Juels A., Jakobsson M. and Jagatic T.N., “Cache Cookies For Browser Authentication,” IEEE Symposium on Security and Privacy, pp. 301-305, May 2006.
16. Bank of America SiteKey, “http://www.bankofamerica.com/privacy/sitekey/”, Accessed: May 2, 2010.
17. Yahoo, “What is a Sign-in Seal? http://yahoo-sign-in.com/?p=31.”, Accessed: November 15, 2010.
18. Qi F., Li T., Bao F. and Wu Y., “Preventing Web-Spoofing With Automatic Detecting Security Indicator,” ISPEC, Springer-Verlag, LNCS, vol. 3903, pp. 112-122, April 2006.
19. Ludl C., McAllister S., Kirda E. and Kruegel C., “On the Effectiveness of Techniques to Detect Phishing Sites,” Springer-Verlag, LNCS, vol. 4579, pp. 20-39, May 2007.
20. Microsoft Sender ID home page, “http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx/.”, Accessed: November 2, 2010.
21. Karlof C., Shankar U., Tygar J.D. and Wagner D., “Dynamic Pharming Attacks and the Locked Same Origin Policies For Web Browsers,” Proc. of ACM Conference on Computer and Communications Security, pp. 58-71, November 2007.
22. Zhang Y., Egelman S., Cranor L. and Hong J., “Phinding Phish: Evaluating Anti-Phishing Tools,” Proc. of 14th Annual Network & Distributed System Security Symposium (NDSS 2007), California, USA, March 2007.
23. VeriSign Messaging Security, “http://www.verisign.com”, Accessed: June 23, 2010.
24. Adida B., “BeamAuth: Two-Factor Web Authentication With a Bookmark,” Proc. of 14th ACM Conference on Computer and Communications Security, Alexandria, USA, pp. 48-57, October 2007.
25. Gouda M.G., Liu A.X., Leung L.M. and Alam M.A., “SPP: An Anti-Phishing Single Password Protocol,” Computer Networks, vol. 51, no. 13, pp. 3715-3726, April 2007.
26. Yongdong W.U., Yao H. and Bao F., “Minimizing SSO Effort in Verifying SSL Anti-phishing Indicators,” Proc. of 23rd International Information Security Conference IFIP TC 11, Springer, vol. 278, pp. 47-61, September 2008.
27. Netcraft Anti-Phishing Toolbar, “http://www.toolbar.netcraft.com/.”, Accessed: December 16, 2010.
28. SpoofStick, “http://www.spoofstick.com (2005)”, Accessed: April 15, 2009.
29. McAfee SiteAdvisor, “http://www.siteadvisor.com/.”, Accessed: April 12, 2010.
30. eBay Toolbar, “http://anywhere.ebay.com/browser/firefox/”, Accessed: January 2, 2011.
31. Halderman J.A., Waters B. and Felten E.W., “A
Convenient Method for Securely Managing Passwords,” Proc.
of 14th ACM International World Wide Web Conference,
Chiba, Japan, pp. 471-479, May 2005.
32. Wu M., Miller R.C. and Garfinkel S., “Do Security
Toolbars Actually Prevent Phishing Attacks,” Proc. of ACM
Computer/Human Interaction (CHI), pp. 601-610, April 2006.
33. Pinkas B. and Sander T., “Securing Passwords Against
Dictionary Attacks,” 9th ACM Conference on Computer and
Communication Security, USA, pp. 161-170, November 2002.
34. Lamport L., “Password Authentication With Insecure
Communication,” Communications of the ACM, vol. 24, no.
11, pp. 770-772, November 1981.
35. Gaw S. and Felten E.W., “Password Management Strategies
For Online Accounts,” Symposium on Usable Privacy and
Security (SOUPS) 2006, USA, pp. 44-55, July 2006.
Edition and production
Name of the publication: eLearning Papers
ISSN: 1887-1542
Publisher: elearningeuropa.info
Edited by: P.A.U. Education, S.L.
Postal address: c/Muntaner 262, 3r, 08021 Barcelona (Spain)
Phone: +34 933 670 400
Email: editorial@elearningeuropa.info
Internet: www.elearningpapers.eu

Copyrights
The texts published in this journal, unless otherwise indicated, are subject to a Creative Commons Attribution-Noncommercial-NoDerivativeWorks 3.0 Unported licence. They may be copied, distributed and broadcast provided that the author and the e-journal that publishes them, eLearning Papers, are cited. Commercial use and derivative works are not permitted. The full licence can be consulted on http://creativecommons.org/licenses/by-nc-nd/3.0/
eLearning Papers • ISSN: 1887-1542 • www.elearningpapers.eu • n.º 28 • April 2012