Title: MITIGATING MAN-IN-THE-BROWSER ATTACKS WITH HARDWARE-BASED AUTHENTICATION SCHEME

Issue Number: Vol. 1, No. 3
Year of Publication: Nov - 2012
Page Numbers: 204-210
Authors: Fazli Bin Mat Nor, Kamarularifin Abd Jalil, Jamalul-lail Ab Manan
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong

Abstract:


Lack of security awareness amongst end users when dealing with online banking and electronic commerce leaves many client-side application vulnerabilities open. This enables attackers to exploit the vulnerabilities and launch client-side attacks such as the man-in-the-browser attack. The attack is designed to manipulate sensitive information via a client application, such as an internet browser, by taking advantage of the browser’s extension vulnerabilities. This attack exists due to a lack of preventive measures to detect malicious changes on the client-side platform. Therefore, in this paper we propose an enhanced remote authentication protocol with hardware-based attestation and pseudonym identity enhancement to mitigate man-in-the-browser attacks as well as improve user identity privacy.