Advanced search
Publication Cover
HKIE Transactions Volume 18, 2011 - Issue 4: The HKIE Outstanding Paper Award for Young Engineers/Researchers 2011
Journal homepage
40
Views
0
CrossRef citations to date
0
Altmetric
Shortlisted Papers

CAPTCHA in Security ECIS: Depress Phishing by CAPTCHA with OTP

Leung Chun Ming Faculty of Advanced Technology, University of Glamorgan
Pages 18-31 | Received 31 Mar 2011, Accepted 29 Jun 2011, Published online: 09 Apr 2013

References

  • Adobe, Adobe Flash Player 9 Security. Adobe Systems - White Papers (2008). Retrieved 15 April, 2009.
  • Adobe Flex.org. Flex is a developer toolkit for building exceptional rich Internet applications on the Flash platform. Adobe Systems Incorporated, USA (2010). Retrieved August 2010 from Adobe Flex.org.
  • Arora, A., Statistics Hacking - Exploiting Vulnerabilities in News Websites. IJCSNS International Journal of Computer Science and Network Security. Volume 7, No 3. (2007).
  • At&t Lab, Cambridge, VNC - Virtual Network Computing from AT&T Laboratories Cambridge. AT&T Laboratories Cambridge. (1999). Retrieved 20 September, 2009.
  • Bank of America, Bank of America announces industry-leading security feature for its 13.2 million online banking customers to help prevent fraud and identity theft. Bank of America Press Releases. Bank of America (2005).
  • BEA, Case Study Cyberbanking by Bank of East Asia. Combating Phishing Attack - Challenges of phishing attack to banks. HKCERT: Combating Phishing Attacks Seminar. (2004).
  • Chang, T.L., Captcha based one-time password authentication system. Tsung- Lun Chang Master’s Thesis. Graduate Institute of Information Engineering, Feng Chia University, Taiwan. (July, 2006).
  • Dhamija, R., Tygar, J.D., Phish and hips: Human interactive proofs: to detect phishing attacks. In Human Interactive Proofs: Second International Workshop (HIP 2005). pp127–141. (2005).
  • Dhamija, R., Tygar, J.D., Hearst, M., Why phishing works. CHI’06: Proceedings of the SIGCHI conference on Human Factors in computing systems. pp581–590. ACM. New York, USA. (2006).
  • FFIEC, FFIEC Releases Guidance on Authentication in Internet Banking Environment. FFIEC Press Release. The Federal Financial Institutions Examination Council. (2005).
  • Goodrich, M.T., Sirivianos, M., Solis, J., Tsudik, G., Uzun, E., Loud and clear: Human-verifiable authentication based on audio. ICDCS’06: Proceedings of the 26th IEEE International Conference on Distributed Computing Systems. p10. IEEE Computer Society. Washington, DC, USA (2006).
  • Hamza, M.K. (ed), Artificial Intelligence and Soft Computing, July 24–26, 2000, Banff, Alberta, Canada. IASTED/ACTA Press. (2000).
  • Helander, J., Zorn, B., Medina: Combining evidence to build trust. Web 2.0 Security & Privacy 2007. (May, 2007).
  • Hiltgen, A., Kramp, T., Weigold, T., Secure internet banking authentication. Security & Privacy. IEEE. Volume 4, No 2, pp21–29. (2006).
  • HKMA, Launch of two-factor authentication for internet banking. HKMA Press Releases. The Hong Kong Monetary Authority. (2005).
  • HSBC, HSBC Online services - Digital Certificates. (2002). Retrieved from HSBC. co.uk.
  • HSBC, Security device. HSBC Personal Financial Services. (2005). Retrieved from HSBC.com, HSBC home&Away Privilege Programme.
  • Kochanski, G., Lopresti, D., Shih, C., A reverse turing test using speech. Proceedings of the International Conference on Spoken Language Processing (ICSLP’02). pp1357–1360. (2002).
  • Lai, A.M., Nieh, J., On the performance of wide-area thin-client computing. ACM Trans. Comput. Syst. Volume 24, No 2, pp175–209. (2006).
  • Leung, C.M., Depress phishing by CAPTCHA with OTP. ICASID’09: IEEE International Conference on Anti-counterfeiting, Security, and Identification in Communication. IEEE. (2009a).
  • Leung, C.M., Visual security is feeble for Anti-Phishing. ICASID’09: IEEE International Conference on Anti-counterfeiting, Security, and Identification in Communication. IEEE. (2009b).
  • Leung, C.M., Demonstration of ECIS. (2010). Retrieved 20 September, 2010 from Chun-Ming Leung Research Webpage.
  • Lloyds TSB, Lloyds TSB ClickSafe. UK (2010). Retrieved 25 August, 2010 from Lloyds TSB offical website, ClickSafe, Lloyds TSB Bank plc.
  • Mannan, M., van Oorschot, P.C., Using a personal device to strengthen password authentication from an untrusted computer. Financial Cryptography. pp88–103. (2007).
  • McCune, J.M., Perrig, A., Reiter, M.K., Bump in the ether: a framework for securing sensitive user input. ATEC’06: Proceedings of the annual conference on USENIX’06 Annual Technical Conference. p17. USENIX Association. Berkeley, CA, USA (2006).
  • Naor, M., Pinkas, B., Visual authentication and identification. CRYPTO. pp322–336. (1997).
  • Naumann, A.B., Franke, T., Bauckhage, C., Investigating captchas based on visual phenomena. INTERACT’09: Proceedings of the 12th IFIP TC 13 International Conference on Human-Computer Interaction. pp745–748. Springer-Verlag. Berlin, Heidelberg. (2009).
  • OneStat, Wide screen resolutions extremely popular. OneStat Website Statistics and website metrics - Press Room. (2008). Retrieved 20 September, 2010.
  • PPS-HK, PPS Shop&Buy Service: Second factor authentication. EPS Company (Hong Kong) Limited and Hong Kong Telecommunications (HKT) Limited. Hong Kong. (2010). Retrieved 25 August, 2010 from PPS Shop&Buy Service, PPS HK official website. 30.
  • RSA-Lab, RSA SecurID. EMC2 RSA Lab. (1988).
  • Saklikar, S., Saha, S., Public key-embedded graphic captchas. Consumer Communications and Networking Conference, 2008. CCNC 2008. 5th IEEE. pp262–266. (2008).
  • Schechter, S.E., Dhamija, R., Ozment, A., Fischer, I., The emperor’s new security indicators. Security and Privacy, 2007. SP’07. IEEE Symposium on. pp51–65. (2007).
  • Schneier, B., Two-factor authentication: too little, too late. Communications of the ACM. Volume 48, No 4, p136. (2005).
  • Shirali-Shahreza, S., Shirali-Shahreza, M., A new human interactive proofs system for deaf persons. Information Technology: New Generations, 2008. ITNG 2008. Fifth International Conference on. pp807–810. (2008a).
  • Shirali-Shahreza, S., Shirali-Shahreza, M., Movaghar, A., Exam hip. Anticounterfeiting, Security, Identification, 2007 IEEE International Workshop on. pp415–418. (2007).
  • Shirali-Shahreza, S., Shirali-Shahreza, M.H., Bibliography of works done on captcha. Intelligent System and Knowledge Engineering, 2008. ISKE 2008. 3rd International Conference. Volume 1, pp205–210. (2008b).
  • Soghoian, C., Jakobsson, M., A Deceit-Augmented MITM Against Bank of America’s SiteKey Service. StopPhishing.com, Indiana University. (2007).
  • Spalka, A., Cremers, A.B., Langweg, H., Trojan horse attacks on software for electronic signatures. Informatica (Slovenia). Volume 26, No 2. (2002).
  • Suo, X., Zhu, Y., Owen, G.S., Graphical passwords: A survey. ACSAC. pp463–472. (2005).
  • Szydlowski, M., Kruegel, C., Kirda, E., Secure input for web applications. ACSAC. pp375–384. (2007).
  • Visa Europe, Visa CodeSure Card. (2010). Retrieved 25 August, 2010 from Innovation, About us, Visa Europe official Website.
  • Von Ahn, L., Blum, M., Hopper, N., Langford, J. CAPTCHA. Carnegie Mellon University. (2000). Retrieved from http://www.captcha.net, the Official CAPTCHA Site.
  • Von Ahn, L., Blum, M., Hopper, N.J., Langford, J., Captcha: Using hard ai problems for security. EUROCRYPT. pp294–311. (2003).
  • Weir, C.S., Douglas, G., Richardson, T., Jack, M., Usable security: User preferences for authentication methods in ebanking and the effects of experience. Interacting with Computers. Volume 22, No 3, pp153–164. (2010).
  • Wiedenbeck, S., Waters, J., Birget, J.C., Brodskiy, A., Memon, N., Authentication using graphical passwords: effects of tolerance and image choice. SOUPS’05: Proceedings of the 2005 symposium on Usable privacy and security. pp1–12. ACM. New York, USA (2005).
  • Wilkins, J., Strong CAPTCHA Guidelines (version 1.2). (2009). Retrieved 15 June, 2010 from Bitland.Net Security Notes.
  • Woolfe, R., Videotex - the new television-telephone information services. Heyden & Son Ltd. (1980).
  • Yahoo!Inc, What is a sign-in seal. Yahoo Security Centre. (2006). Retrieved from Yahoo.com.
  • Yan, J., Bot, Cyborg and Automated Turing Test. The Fourteenth International Workshop on Security Protocols. Cambridge, UK (2006).
  • Yee, K.P., Sitaker, K., Passpet: convenient password management and phishing protection. SOUPS’06: Proceedings of the second symposium on Usable privacy and security. pp32–43. ACM. New York, USA (2006).

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.