PHAD- A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking By Sonali Batra Web 2.0 Security and Privacy 2014


Page 1: PHAD- A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking

By Sonali Batra

Web 2.0 Security and Privacy 2014

Page 2: What is Phishing & Phishing Trends

- A form of social engineering
- Phishers send the fake site's URL in spam mail
- A huge problem!
- Number of unique phishing sites in Sept 2013 alone: 45,115 (56.22% contain some form of the target name in the URL)
- Number of unique phishing email reports received by APWG: 56,767

Page 3: PHAD – A Phishing Avoidance and Detection Tool

- Downloadable extension to the Firefox browser.
- Uses invisible digital watermarking.
- Uses the uniqueness of a website's domain name.
- Uses robust digital watermarking.
- Implemented using Outguess, a universal steganographic tool.
- Based on the observation that some phishers copy content of legitimate sites, such as source code and images, to use in the fake site.

Page 4: Working of PHAD

- Companies invisibly watermark their logo images with the domain names of their websites.
- When a phisher copies the image, the watermark travels along with it.
- The browser on the client side detects the watermark and compares it to the domain name.
- If both match, the website is legitimate; otherwise the website is phished.

Page 5: Related Work

- Huajun Huang, Yaojun Wang, Lili Xie and Liqing Jiang. An Active Anti-phishing Solution Based on Semi-fragile Watermark.
- Watermark: concatenation of the domain name and other parameters into the source code of the website by the equal tag method.
- Can easily be reversed if the phisher is aware of the scheme.

Page 6: Disclaimer

- PHAD is intended to serve only as a first defense and not as a complete filter.
- Artistic hackers having plenty of time on their hands could make a similar-looking logo.
- If a phisher has access to the client watermark detection software, the phisher could observe it to remove the watermark, then re-watermark the image.
- No known software exists to automate this yet.
- PHAD significantly increases the effort required by the phisher.

Page 7: A Few Questions

- What if the phisher takes a screenshot or photograph of the image? The watermark shall persist across screenshots and good-quality photographs.
- What if a company has multiple domain names, e.g. google.in and google.us? We shall watermark all the domain names into the image. The client checks whether at least one matches the extracted watermark.
- What if a company has multiple logos? All domain names are watermarked in all logos.

Page 8: A Few Questions

- What if a website wants to embed the logo of another company in its webpage? E.g. CNN runs a story on Google or Facebook.
- Multiple images are allowed on a page.
- The company having the highest ratio of images is compared to the domain name.

Page 9: A Few Questions

- What if a website has two or more watermarked images? The company having the highest ratio shall be compared to the domain name.
- Instead, if both images were to be compared, PHAD would fail. This is because the attacker could put the original image with the company's watermark alongside her own image with her own fake site's watermark (which would match the domain name of the fake site).
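The client-side decision described on pages 4 and 7 to 9 (match against any of a company's watermarked domains, pick the company with the highest ratio of images), as an added JavaScript example that is not the PHAD extension's own code. Watermark extraction from pixels is not shown: each image is assumed to arrive with the domain list already recovered from its watermark, and the host normalisation and the tie rule are this example's assumptions.

```javascript
// Added example, not PHAD's code. Each image carries the domain list recovered from
// its watermark (stubbed here), or null when the image is not watermarked.

// Reduce a page URL or a watermarked name to a bare host (assumption of this example:
// strip scheme, path, port and a leading "www.", lower-case the rest).
function normalizeHost(urlOrHost) {
  let h = urlOrHost.trim().toLowerCase();
  h = h.replace(/^[a-z]+:\/\//, '').split('/')[0].split(':')[0];
  return h.startsWith('www.') ? h.slice(4) : h;
}

// Pages 8 and 9: group watermarked images by company (the set of domains in the
// watermark identifies the company) and pick the company with the highest ratio of
// images. Unwatermarked images are ignored. A tie is reported so the caller can refuse.
function dominantCompany(images) {
  const counts = new Map();
  let total = 0;
  for (const img of images) {
    if (!img.watermark || img.watermark.length === 0) continue;
    const key = [...new Set(img.watermark.map(normalizeHost))].sort().join('|');
    counts.set(key, (counts.get(key) || 0) + 1);
    total += 1;
  }
  if (total === 0) return null;
  let bestKey = null;
  let bestCount = 0;
  for (const [key, n] of counts) {
    if (n > bestCount) { bestKey = key; bestCount = n; }
  }
  const tied = [...counts.values()].filter((n) => n === bestCount).length > 1;
  return { domains: bestKey.split('|'), ratio: bestCount / total, tied };
}

// Pages 4 and 7: the page is legitimate only if at least one domain watermarked into
// the dominant company's logos equals the page's own host. A tie between companies is
// treated as phished (conservative choice made here; the slides do not specify it).
function verifyPage(pageUrl, images) {
  const dom = dominantCompany(images);
  if (dom === null) return 'unknown';
  if (dom.tied) return 'phished';
  return dom.domains.includes(normalizeHost(pageUrl)) ? 'legitimate' : 'phished';
}

// Constructed sample: a CNN page showing three CNN logos, one Google logo, one plain image.
const samplePage = 'https://www.cnn.com/tech/story';
const sampleImages = [
  { watermark: ['cnn.com'] }, { watermark: ['cnn.com'] }, { watermark: ['cnn.com'] },
  { watermark: ['google.com', 'google.in'] }, { watermark: null },
];
console.log(verifyPage(samplePage, sampleImages)); // legitimate
```

The 'unknown' result covers pages with no watermarked image at all, where the scheme gives no signal either way.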

Page 10: A Few Questions

- How is this better than using HTTPS?
- Users are not aware that the URL should be preceded by https instead of http.
- No single point of failure.
- HTTPS can be used as an added security measure along with PHAD.

Page 11: Future Work

- Implement the scheme for other browsers and other operating systems instead of just Firefox and Linux.
- Audit the top 20 banks and top 100 websites to see whether they would be able to use this approach.
- Conduct a 'Wizard of Oz' study to demonstrate that users like and understand the approach.

Page 12: Questions???