Protect the internet consumer’s identity against attacks by phishers

Abstract

Can users believe what their browsers tell them? Even sophisticated web users decide whether or not to trust a server based on browser cues such as location bar information, SSL icons, SSL warnings, certificated information and response time. In their seminal work on Web spoofing, (Felten-1996) showed how, in 1996, a malicious server could forge some of these cues. However, this work used genuine SSL sessions and Web Technology has evolved much since 1996. The web has since become the pre eminent medium for electronic service delivery to remote users, and the security of many commerce, government and an academic network application critically rests on the assumption that users can authenticate the servers with which they interact. This situation raises the question: is the browser-user communication model today secure enough to warrant this assumption?