Smart-ID resistance to phishing attacks

Organization name
Cybersecurity
Summary
In the last year, Estonian banks experienced a wave of successful phishing attacks in which the victims were asked to authorize Smart-ID transactions made by the attacker. The security of the Smart-ID protocol relies on the assumption that, before confirming the transaction, the Smart-ID holder will verify that (a) the control code shown in the Smart-ID app matches the control code shown on the website; and (b) the service provider's identifier shown in the Smart-ID app corresponds to the service where the Smart-ID holder wants to authenticate.

The aim of this work is to analyze Smart-ID susceptibility to phishing attacks.

Possible tasks:
- Analyze publicly known Smart-ID phishing / scam cases.
- Analyze official recommendations for secure Smart-ID use.
- Run an experiment analyzing users' responses when the Smart-ID app shows a wrong verification code or a wrong service provider's identifier.
- Analyze possible technological solutions to improve Smart-ID resistance to phishing attacks.

Links:
https://www.ria.ee/en/news/phishing-campaigns-spread-estonian-cyberspace-november-and-there-were-two-denial-service.html
Thesis defence year
2019-2020
Supervisor
Arnis Paršovs
Communication language(s)
English
Requirements for the candidate
Level
Keywords
#acs

Application contact

Name
Arnis Paršovs
Tel
E-mail
arnis@ut.ee
See more
https://acs.cs.ut.ee/