COUNTERACTING PHISHING THROUGH HCI: DETECTING ATTACKS AND WARNING USERS


DISSERTATION

submitted to the Faculty of Mathematics, Computer Science and Statistics
of the Ludwig-Maximilians-Universität München

by

Diplom-Medieninformatiker
Max-Emanuel Maurer

Munich, 15 December 2013

List of Figures xvii

I INTRODUCTION 1

1 Introduction 3
  1.1 Usable Security 4
    1.1.1 Usable Warning Design 5
  1.2 Problem Statement 5
  1.3 Protection: Detection plus Intervention 6
  1.4 Technical Terms of Detection 7
  1.5 Main Contributions 9
  1.6 Structure 9

2 The Act of Phishing 13
  2.1 What is a Phishing Attack? 13
  2.2 The Need to Counteract 16
  2.3 Phishing Attack Overview 18
    2.3.1 The Lifecycle of a Phishing Attack 18
    2.3.2 Attacks out of Scope 24
    2.3.3 Attacks in Scope: Impersonation 25
  2.4 A Brief History of Phishing and a Possible Future Outlook 27
    2.4.1 The Term "Phishing" 27
  2.5 Design Space of Current Phishing Attacks 30
    2.5.1 Typical Phishing Examples 31
  2.6 Looking at Today's Browsers: Security Indicators in Use 33

3 Related Work 39
  3.1 The Phishing Problem 39
    3.1.2 Who is Falling for Phishing and Why? 43
  3.2 The Current State of Detection Methods 45
    3.2.1 Black- and Whitelists 46
    3.2.2 Security Toolbars 47
    3.2.3 Virus Scanners 47
    3.2.4 Typo Checkers 48
    3.2.5 Law Enforcement and Website Takedown 48
    3.2.6 Changing The Internet Architecture 48
  3.3 The Current State of User Intervention 49
    3.3.1 Classical Warning Research 49
    3.3.2 Computer-Specific Warning Literature 51
  3.4 Phishing Education 53
  3.5 Research Concepts for Detection 54
    3.5.1 General Phishing Defense 55
    3.5.2 Detection Attempts for Different Features 56
    3.5.3 Making Use of a Community 63
  3.6 Research Concepts for User Intervention 64
    3.6.1 Adaptive Dialogs 64
    3.6.2 Guidelines and Applications Thereof 65
  3.7 User Study Methodology 68

II PROTECTION THROUGH HCI 73

4 Overview of Research Covered 75
  4.1 Delimitation to Related Work 75
  4.2 Main Research Classification 77
  4.3 Research Questions 78
  4.4 Project Overview 79

5 Nine Research Projects on Phishing and Usability 83
  5.1 Phishing Website Test Set 84
    5.1.1 What Should a Phishing Test Set Look Like? 84
    5.1.2 Collection Phase 85
    5.1.3 Postprocessing 88
    5.1.4 The Final Test Set 90
    5.1.6 Application of The Test Set 95
    5.1.7 Research Results 97
  5.2 SecurityGuard Website Status Rollup 98
    5.2.1 Yet Another Status Toolbar? 99
    5.2.2 Designing the Extension 100
    5.2.3 Implementation 105
    5.2.4 User Study 106
    5.2.5 Discussion and Limitations 108
    5.2.6 Research Results 110
  5.3 Community-based Rating Intervention 113
    5.3.1 The Real World Example: Web Of Trust 113
    5.3.2 Community-Based Security Research 114
    5.3.3 Building the Prototype 114
    5.3.4 User Study Evaluation 117
    5.3.5 Discussions and Limitations 120
    5.3.6 Research Results 121
  5.4 Spell Checking to Detect Fraudulent Websites 122
    5.4.1 Detecting Phishing URLs 123
    5.4.2 Detector Evaluation 126
    5.4.3 Results 128
    5.4.4 Discussion and Limitations 131
    5.4.5 Research Results 132
    5.4.6 Possible User Intervention for the Approach 133
  5.5 Data Type Based Security Dialogs 133
    5.5.1 User Intervention Concept 135
    5.5.2 The First Prototype 137
    5.5.3 Detecting the Data Types 137
    5.5.4 Lab Evaluation 139
    5.5.5 The Second Prototype 141
    5.5.6 Field Evaluation 142
    5.5.7 Second Lab Evaluation 144
    5.5.8 Discussion and Limitations 145
    5.5.9 Research Results 146
  5.6 Enhancing SSL Awareness in Web Browsers 148
    5.6.1 The Concept of SSLPersonas 148
    5.6.2 Redesigning SSL Warning Messages 150
    5.6.3 Lab Evaluation 151
    5.6.4 Field Evaluation 154
    5.6.5 Discussion, Limitations and Future Enhancements 155
  5.7 Diminishing Visual Brand Trust 159
    5.7.1 The Concept of Destroying Content Trust 159
    5.7.2 Focus Group 161
    5.7.3 The Final Plugin 164
    5.7.4 User Study Evaluation 165
    5.7.5 Discussion and Limitations 170
    5.7.6 Research Results 170
  5.8 Visual Image Comparison For Phishing Detection and Reporting 172
    5.8.1 Concept: Detecting Phishing Through Visual Similarity 172
    5.8.2 Detector Architecture 174
    5.8.3 Evaluating the Detector 176
    5.8.4 User Intervention Design 183
    5.8.5 User Intervention Evaluation 184
    5.8.6 User Intervention Discussion 188
    5.8.7 Research Results 189
  5.9 The User Study Web Browser 192
    5.9.1 Web Browsers Usage in Today's Experiments 192
    5.9.2 Universal Browser Manipulation 194
    5.9.3 Developing the Extension 195
    5.9.4 User Study: Validating the Extension 198
    5.9.5 Research Results 201

6 Aggregated Results and Derived Recommendations 205
  6.1 Answers to the Research Questions 205
    6.1.1 Phishing Detection 206
    6.1.2 User Intervention 213
  6.2 From Phishing To General Security 219
  6.3 Detector and User Intervention Model 219

7 Recommendations and Guidelines 223
  7.1 A Utopia of Anti-Phishing 223
    7.1.1 Achieving the Best Detection 224
    7.1.2 Optimal User Intervention 225
    7.1.3 Future Proof Methods 226
    7.1.4 A Web Without Phishing? 226
  7.2 Evaluation Recommendations 227
    7.2.1 Preparation 227
    7.2.3 Execution 232
    7.2.4 Analysis 235

III CONCLUSIONS 239

8 Conclusions and Future Work 241
  8.1 Summarizing This Thesis 241
  8.2 Open and Future Work 242
  8.3 A Final Take Home Message 244

IV BIBLIOGRAPHY 245

Bibliography 247

V APPENDIX 275
