Smart-ID resistance to phishing attacks

Organization
Cybersecurity
Abstract
In the last year, Estonian banks experienced a wave of successful phishing attacks, where the victims were asked to authorize Smart-ID transactions made by the attacker. The security of the Smart-ID protocol relies on the assumption that, before confirming the transaction, the Smart-ID holder will verify that (a) the control code shown in the Smart-ID app matches the control code shown on the web site; and (b) the service provider's identifier shown in the Smart-ID app corresponds to the service where the Smart-ID holder wants to authenticate.

The aim of this work is to analyze Smart-ID susceptibility to phishing attacks.

Possible tasks:
- Analyze publicly known Smart-ID phishing / scam cases.
- Analyze official recommendations for secure Smart-ID use.
- Run an experiment analyzing users' responses when the Smart-ID app shows a wrong verification code or a wrong service provider's identifier.
- Analyze possible technological solutions to improve Smart-ID resistance to phishing attacks.

Links:
https://www.ria.ee/en/news/phishing-campaigns-spread-estonian-cyberspace-november-and-there-were-two-denial-service.html
Graduation Theses defence year
2019-2020
Supervisor
Arnis Paršovs
Spoken language(s)
English
Requirements for candidates
Level
Keywords
#acs

Application of contact

 
Name
Arnis Paršovs
Phone
E-mail
arnis@ut.ee
See more
https://acs.cs.ut.ee/