WWW2009 EPrintsPAKE-based Mutual HTTP Authentication for Preventing Phishing AttacksYutakaOiwaauthorHiromitsuTakagiauthorHajimeWatanabeauthorHirofumiSuzukiauthorWe developed a new Web authentication protocol with passwordbased mutual authentication which prevents various kinds of phishing attacks. This protocol provides a protection of user’s passwords against any phishers even if a dictionary attack is employed, and prevents phishers from imitating a false sense of successful authentication to users. The protocol is designed considering interoperability with many recent Web applications which requires many features which current HTTP authentication does not provide. The protocol is proposed as an Internet Draft submitted to IETF, and implemented in both server side (as an Apache extension) and client side (as a Mozilla-based browser and an IE-based one). Categories and Subject Descriptors: K.6.5 [Management of Computing and Information Systems]: Security and Protection— Authentication General Terms: Security, Standardization. Keywords: Network protocol, Mutual authentication, HTTP.2009-04Conference or Workshop Item

For work being deposited by its own author: In self-archiving this collection of files and associated bibliographic metadata, I grant WWW2009 EPrints the right to store them and to make them permanently available publicly for free on-line. I declare that this material is my own intellectual property and I understand that WWW2009 EPrints does not assume any responsibility if there is any breach of copyright in distributing these files or metadata. (All authors are urged to prominently assert their copyright on the title page of their work.)

For work being deposited by someone other than its author: I hereby declare that the collection of files and associated bibliographic metadata that I am archiving at WWW2009 EPrints) is in the public domain. If this is not the case, I accept full responsibility for any breach of copyright that distributing these files or metadata may entail.

Clicking on the deposit button indicates your agreement to these terms.