arvutiteaduse instituudi lõputööde teemade register

Smart-ID resistance to phishing attacks
Organisatsiooni nimiCybersecurity
KokkuvõteIn the last year, Estonian banks experienced a wave of successful phishing attacks, where the victims were asked to authorize Smart-ID transactions made by the attacker. The security of Smart-ID protocol relies on the assumption that before confirming the transaction the Smart-ID holder will verify that (a) the control code shown in the Smart-ID app matches the control code shown on the web site; and (b) the service provider's identifier shown in the Smart-ID app corresponds to the service where the Smart-ID holder wants to authenticate.

The aim of this work is to analyze Smart-ID susceptibility to phishing attacks.

Possible tasks:
- Analyze publicly known Smart-ID phishing / scam cases.
- Analyze official recommendations for secure Smart-ID use.
- Run an experiment analyzing users' response when Smart-ID app shows wrong verification code or wrong service provider's identifier.
- Analyze possible technological solutions to improve Smart-ID resistance to phishing attacks.

Lõputöö kaitsmise aasta2019-2020
JuhendajaArnis Paršovs
Suhtlemiskeel(ed)inglise keel
Nõuded kandideerijale
Märksõnad #acs
Kandideerimise kontakt
Nimi Arnis Paršovs
Vaata lähemalt