@MISC{Herzberg_handshake, author = {Amir Herzberg and Per Connection}, title = {Handshake}, year = {} }
Abstract
Web users are increasingly victims of phishing, spoofing and malware attacks. In this article, we discuss existing and proposed defense mechanisms. We highlight the vulnerabilities of current defenses, and the challenges of validating and adopting new defenses.

1 SSL-based Logon

Most web browsers and servers support the Secure Sockets Layer (SSL) protocol (or its standardized version, the Transport Layer Security (TLS) standard); see [R00]. SSL (and TLS) are advanced, public-key cryptographic protocols. Their main goal is to protect the confidentiality of sensitive traffic against an eavesdropper who can listen to the traffic between the client and the server. For example, merchant sites and login pages use SSL to protect, respectively, credit card numbers and passwords sent by users to the servers.

1.1 Simplified description of SSL as used in most sites

SSL operation is divided into two phases: a handshake phase and a data transfer phase. We illustrate this in Figure 2, for a connection between a client and an imaginary bank site