Secure Communications Protocol Between Humans and a Bank Server to Prevent Man In The Browser Attack

Bibliographic Information

Other Title
  • A Secure Communication Protocol Between Humans and Servers That Realizes Countermeasures Against Man In The Browser Attacks

Description

A Man In The Browser attack (MITB attack) is caused by malware that infects a web browser; hence conventional secure communication channels between a machine (web browser) and a machine (bank server), such as SSL, cannot prevent the attack. In this paper, we propose a new approach to preventing MITB attacks: constructing secure communication channels between a machine (web browser) and a human (end user). Our approach uses the user as a computational resource, and he/she has to process one end of the channel. We develop a challenge-and-response protocol that achieves the proposed channel and conduct a safety evaluation of the protocol. The result shows that the protocol works safely under the assumption that the bank server sends a "challenge which malware in the browser cannot tap" to the user. Sending such a challenge is feasible by applying CAPTCHA technology.

Journal

  • IPSJ SIG Notes

    IPSJ SIG Notes 2015 (22), 1-9, 2015-05-14

    Information Processing Society of Japan (IPSJ)

Details

  • CRID
    1573950402642629504
  • NII Article ID
    110009900773
  • NII Book ID
    AA11235941
  • ISSN
    09196072
  • Text Lang
    ja
  • Data Source
    • CiNii Articles
