2FA-PP: 2nd factor phishing prevention
Abstract
Two factor authentication (2FA) schemes provide strong user authentication guarantees and increase the security of a wide range of web services. However, 2FA schemes still largely remain vulnerable to phishing attacks in which attackers also phish users’ second factor (e.g., their OTP tokens). We propose 2FA-PP, a phishing detection scheme that protects users’ 2nd authentication factor from phishing attacks. 2FA-PP uses novel browser APIs that support direct communication between browsers and external devices (e.g., mobile phones) and enables the user’s phone to check the domain to which the user is connected. The second factor is then only made available to the user if he is accessing the correct domain. 2FA-PP can be combined with different 2FA schemes, both interactive, based on OTP, QR codes and non-interactive, based on device pairing or proximity.
Research Area: Users and Security
BibTex
@inproceedings{ulqinaku2019fa-pp,
author = {Ulqinaku, Enis and Lain, Daniele and Capkun, Srdjan},
title = {{2FA-PP: 2nd factor phishing prevention}},
booktitle = {Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks},
address = {Miami, FL, USA},
year = 2019,
month = may,
publisher = {Association for Computing Machinery},
doi = {10.1145/3317549.3323404},
url = {https://doi.org/10.1145/3317549.3323404}
}
Research Collection: 20.500.11850/347169

