arvutiteaduse instituudi lõputööde teemade register


Smart-ID resistance to phishing attacks
Organisatsiooni nimiCybersecurity
KokkuvõteIn the last year, Estonian banks experienced a wave of successful phishing attacks, where the victims were asked to authorize Smart-ID transactions made by the attacker. The security of Smart-ID protocol relies on the assumption that before confirming the transaction the Smart-ID holder will verify that (a) the control code shown in the Smart-ID app matches the control code shown on the web site; and (b) the service provider's identifier shown in the Smart-ID app corresponds to the service where the Smart-ID holder wants to authenticate.

The aim of this work is to analyze Smart-ID susceptibility to phishing attacks.

Possible tasks:
- Analyze publicly known Smart-ID phishing / scam cases.
- Analyze official recommendations for secure Smart-ID use.
- Run an experiment analyzing users' response when Smart-ID app shows wrong verification code or wrong service provider's identifier.
- Analyze possible technological solutions to improve Smart-ID resistance to phishing attacks.

Links:
https://www.ria.ee/en/news/phishing-campaigns-spread-estonian-cyberspace-november-and-there-were-two-denial-service.html
Lõputöö kaitsmise aasta2019-2020
JuhendajaArnis Paršovs
Suhtlemiskeel(ed)inglise keel
Nõuded kandideerijale
Tase
Märksõnad #acs
Kandideerimise kontakt
Nimi Arnis Paršovs
Tel
E-mail arnis@ut.ee
Vaata lähemalt https://acs.cs.ut.ee/


ati.study@lists.ut.ee