Phishing Warden: Enhancing Content-Triggered Trust Negotiation to Prevent Phishing Attacks Phishing Warden: Enhancing Content-Triggered Trust Negotiation to Prevent Phishing Attacks
To increase the security of CTTN, this thesis introduces Phishing Warden, a browser-plug-in that filters content before client-side scripts can execute, thereby preventing the scripts from obfuscating data in order to bypass the filter. Phishing Warden negotiates the release of sensitive data through web forms via the AutoFill button. After Phishing Warden determines the web server is trustworthy of the requested information, the sensitive data is automatically inserted into the form, indirectly informing the user that Phishing Warden trusts the server with this information.
Besides potentially obfuscating data, scripts in Internet browsers can exploit security vulnerabilities which allow malicious scripts to potentially take over the computer, or deceive the user with a fake toolbar . In addition to preventing data obfuscation by client-side scripts, Phishing Warden also allows a user to customize script control with the push of a button, letting the user decide which websites to trust enough to run scripts. Phishing Warden extends CTTN to remember past sites deemed trustworthy by the user.
School:Brigham Young University
School Location:USA - Utah
Source Type:Master's Thesis
Keywords:phishing internet security trust negotiation warden
Date of Publication:05/13/2005