[Cryptography] Phishing Attacks - Alice, HAL and Bob
Joseph Kilcullen
kilcullenj at gmail.com
Fri Jul 8 03:53:26 EDT 2016
Imagine the following: it’s April Fools’ Day and someone working at the
BBC decides to play a prank on their viewers. They superimpose the
settings menu of a popular television onto the live television broadcast.
If you have a different brand of television it won’t work, just like a
phishing attack asking me to log in to a bank I don’t do business with.
For the correct television I can either use a screening strategy, like
changing the television channel, or I could customise the settings menu
on my television so it looks unique, i.e. get my television to use a
signalling strategy. (Game Theory)
A customised settings menu is a shared secret which I use to distinguish
my television menu from the fake menu broadcast by the BBC. This is
cryptography 101. The solution to phishing attacks can be found in any
cryptography textbook.
You are Alice watching your television. Your television is HAL. The
television channel is either Mallory or Bob. After your web browser has
verified the digital signature on a TLS certificate, your browser will
display the login window. You, Alice, can tell the difference between a
login window created by your browser and one created by a remote website
by looking at the ‘customisation’, the shared secret. Just like the
customised television menu.
Link can be found on earlier posts or at
http://thefutureisbright.net/game.php including the Full Screen
Counterfeiting demo at http://thefutureisbright.net/fsc/