creators_name: Oiwa, Yutaka creators_name: Takagi, Hiromitsu creators_name: Watanabe, Hajime creators_name: Suzuki, Hirofumi type: conference_item datestamp: 2009-04-06 19:13:19 lastmod: 2009-04-07 14:03:01 metadata_visibility: show title: PAKE-based Mutual HTTP Authentication for Preventing Phishing Attacks ispublished: pub full_text_status: public pres_type: poster abstract: We developed a new Web authentication protocol with passwordbased mutual authentication which prevents various kinds of phishing attacks. This protocol provides a protection of user’s passwords against any phishers even if a dictionary attack is employed, and prevents phishers from imitating a false sense of successful authentication to users. The protocol is designed considering interoperability with many recent Web applications which requires many features which current HTTP authentication does not provide. The protocol is proposed as an Internet Draft submitted to IETF, and implemented in both server side (as an Apache extension) and client side (as a Mozilla-based browser and an IE-based one). Categories and Subject Descriptors: K.6.5 [Management of Computing and Information Systems]: Security and Protection— Authentication General Terms: Security, Standardization. Keywords: Network protocol, Mutual authentication, HTTP. date: 2009-04 pagerange: 1143-1143 event_title: 18th International World Wide Web Conference event_location: Madrid, Spain event_dates: April 20th-24th, 2009 event_type: conference refereed: TRUE citation: Oiwa, Yutaka and Takagi, Hiromitsu and Watanabe, Hajime and Suzuki, Hirofumi (2009) PAKE-based Mutual HTTP Authentication for Preventing Phishing Attacks. In: 18th International World Wide Web Conference, April 20th-24th, 2009, Madrid, Spain. document_url: http://www2009.eprints.org/152/1/p1143.pdf