[Cryptography] Phishing Attacks - Alice, HAL and Bob

Joseph Kilcullen kilcullenj at gmail.com
Fri Jul 8 03:53:26 EDT 2016


Imagine the following: it’s April Fools’ Day and someone working at the 
BBC decides to play a prank on their viewers. They superimpose the 
settings menu of a popular television onto the live television broadcast.

If you have a different brand of television it won’t work, just like a 
phishing attack asking me to log in to a bank I don’t do business with. 
For the correct television I can either use a screening strategy, like 
changing the television channel, or I could customise the settings menu 
on my television so it looks unique, i.e. get my television to use a 
signalling strategy. (Game Theory)

A customised settings menu is a shared secret which I use to distinguish 
my television menu from the fake menu broadcast by the BBC. This is 
cryptography 101. The solution to phishing attacks can be found in any 
cryptography textbook.

You are Alice watching your television. Your television is HAL. The 
television channel is either Mallory or Bob. After your web browser has 
verified the digital signature on a TLS certificate your browser will 
display the login window. You, Alice, can tell the difference between a 
login window created by your browser and one created by a remote website 
by looking at the ‘customisation’, the shared secret. Just like the 
customised television menu.

Link can be found on earlier posts or at 
http://thefutureisbright.net/game.php  including the Full Screen 
Counterfeiting demo at http://thefutureisbright.net/fsc/

