Depress Phishing by CAPTCHA with OTP

Chun-Ming Leung
Department of Information Engineering, The Chinese University of Hong Kong, Shatin, N. T., Hong Kong

Abstract—Addressing recent online banking threats, the main challenges are to enable safe online banking on a compromised host and to overcome users' general ignorance of security warnings. Costly hardware solutions have been proposed, from login authentication to transaction verification; however, we are always looking for a usable solution with higher acceptance and less effort. CAPTCHA is primarily used to stop automated bot logins, and a CAPTCHA-based application can further provide secure PIN input against keyloggers and mouse-loggers for a bank's customers [1]. However, if we assume users are always unconscious of security warnings, then under this interesting condition CAPTCHA alone does nothing against phishing [2]. Still, the CAPTCHA idea is worth developing. In this paper we present the Extended CAPTCHA Input System (E-CIS), in which we are the first to extend the CAPTCHA idea to defend against the Real-Time Man-In-The-Middle (RT-MITM) attack [3] and our proposed CR-MITM attack [2]. The trick is to employ a moving CAPTCHA for the input of a One-Time Password (OTP) under a time restriction, which can depress both automated MITM relaying of information and human-assisted MITM attack. Our solution reuses the OTP tokens already shipped at large scale, which saves a huge amount of money compared with redesigning and shipping a new hardware solution.

Keywords- Phishing; Man-In-The-Middle (MITM); CAPTCHA; Authentication; Online Banking; One Time Password

I. INTRODUCTION

Since the term phishing was first recorded in 1996, when attackers were hunting for free AOL accounts, phishing has shown an increasing tendency over the years. It quickly evolved into financial fraud, as criminals always aim for high yield. Luckily, with the pursuit of online banking, the banking industry has always been motivated to play a leading role in fighting the phishing threat. However, the reported loss to Internet crime such as phishing has broken its record each year, reaching US$239 million in 2007. This tells us that we are still looking for a better solution.

ONLINE BANKING AND AUTHENTICATION. The banking industry started to implement Digital Certificates in 2002, where the certificate binds a public key to an identity; notice, however, that this is a one-way authentication of the bank. Moreover, this most trustworthy solution is always ignored by users [4]. In an incident on 4th March 2008, HSBC, one of the world's biggest banks, forgot to renew its Digital Certificate [5], but claimed that online banking for its customers was not affected. We can imagine how many users ignored the invalid-certificate warning and did their online banking as usual that day. At the same time, two-factor authentication such as the One-Time Password (OTP) security token [6] is used to safeguard users against passive password logging by a Trojan on an untrusted host or harvesting by a phishing website. But in 2005 this solution was found to be at risk from the Real-Time Man-In-The-Middle (RT-MITM) attack [3]: the RT-MITM relays the login credentials (including the OTP) between the victim and the bank in real time, and the collected login ID and password are used to log in to the bank simultaneously, so the phisher gains access. The same scenario applies to attacking SMS challenge codes.

Besides authenticating the user, there is also a need to authenticate the bank. In 2005, Bank of America (BoA) was the first to roll out SiteKey [7] to address this issue. However, it was doubted that SiteKey could achieve its target [8], since it obviously risks suffering from MITM attack. Recently, the idea of Human Interactive Proofs (HIP) has been used to fight phishing [9], and there is an application in use in online banking [1]; however, that application may not achieve its initial goal when facing rising phishing techniques such as RT-MITM [3]. To conclude, from the bank's point of view, authentication flaws are handled in risk management, which balances security investment against possible loss. Although banks have secure end-to-end hardware solutions, these are only available to valuable customers.

CAPTCHA is the use of hard AI problems to tell humans and bots apart [10], which originally evolved from visual authentication and identification [11]. The primary use of CAPTCHA is to fight auto-bots in account registration and click fraud. Its application can also authenticate a group of people sharing common knowledge or abilities [12]. However, CAPTCHA itself can hardly authenticate a specific person by asking personal or professional questions. In fact, visual human-verifiable techniques (e.g. SiteKey [7]) are vulnerable to MITM attack [13]. Also, a careless CAPTCHA implementation [1] can lead the application to fail its mission. Our previous work [2] demonstrated that CAPTCHA alone does nothing to defend against MITM attack: visual security that depends on the user's consciousness cannot actually authenticate the other end. Motivated by mitigating MITM attack, we propose the Extended CAPTCHA Input System (E-CIS), which can withstand the described RT-MITM. By combining CAPTCHA and OTP, E-CIS can authenticate a specific person, and so can be used in a secure online banking login scenario.

A. Our contribution

In this paper, we make the following contributions: 1) An Extended CAPTCHA Input System (E-CIS) is proposed, which can withstand the described Real-Time MITM attack; 2) We conclude the abilities and limitations of the CAPTCHA idea in anti-phishing; 3) Rom Browser: together with E-CIS and the OTP security token, a cheap solution to further mitigate phishing threats. Our proposed solution is cost efficient because it reuses the shipped One-Time Password token; the cost is much lower than the sum of redesigning and shipping a new hardware solution.

II. INTRODUCTION OF MAN-IN-THE-MIDDLE ATTACK

Historically, the earliest Man-In-The-Middle (MITM) attack is a cryptographic term, where the MITM has the following abilities:

Fig. 1. Control Relaying Man-In-The-Middle Attack (CR-MITM)

(1) Eavesdrops on and intercepts all messages going between the victims; (2) Relays messages between them. In short, a MITM attack makes the victims believe that they are talking to each other over a direct connection, with nothing indicating the existence of the middle man. One famous MITM attack on Public Key Infrastructure (PKI) cryptography is the attack on the initial version of the Diffie-Hellman algorithm [14] of 1976, fixed by its Authenticated Key Exchange (AKE) version [15] in 1992, where Diffie et al. combine the use of digital signatures and random numbers to authenticate each end party. The lesson is that a secure protocol without actual authentication will risk suffering from MITM attack.

MITM can also happen visually at the user interface layer. Schneier [3] described an RT-MITM attack at the user interface layer in 2005, which can defeat two-factor security tokens. In our previous work [2], we found the Control Relaying Man-In-The-Middle (CR-MITM) attack, a remote attack that can capture and relay user inputs without a local Trojan assistant, and which can possibly defeat a CAPTCHA authentication system.

A. CR-MITM attack

Since a CAPTCHA authentication system's visual interface can be relayed, the hacker can employ a Remote Terminal Service which projects the hacker's browser content into a Remote Desktop Client running in the victim's browser (Fig. 1). The victim's input to the CAPTCHA authentication system is then processed directly in the hacker's browser in real time, and after the bank server verifies the user credentials, the hacker gains access to online banking. The above is also true for the Trojan-compromised scenario, but our CR-MITM attack can capture and relay user inputs remotely without a local Trojan assistant.

MITIGATION. We can start from the root of the problem. Generally, to avoid MITM we can use hardware or a trusted platform to perform destination validation by cryptographic means. However, this is always costly, and trusted platforms are still not widely deployed. As the hypothesis of the CR-MITM attack is based on the victim's consciousness and on visual interface relaying, if the design of the application can depress those, it can possibly mitigate CR-MITM.

III. EXTENDING THE IDEA OF CAPTCHA FOR AUTHENTICATION

Given users' general ignorance of CA certificate validation warnings, it seems there is no way to guarantee the security of online banking without a costly full hardware solution. Still, securing online banking by CAPTCHA is worth developing: it is human verifiable, which is friendlier to the user than the cryptographic way, and its ability to distinguish between humans and bots raises the cost of automated bot attacks. Motivated by our analysis of the BEA CAPTCHA Input System defeated by RT-MITM [2], we further design an Extended CAPTCHA Input System (E-CIS) for the login process, which aims to mitigate the flaws in BEA's design and hence defend against the described RT-MITM attack.

Considering that CAPTCHA failed because of its relayable property, in our design the E-CIS cannot be easily relayed and exploited by a hacker. By combining the OTP with a moving CAPTCHA, the E-CIS requires the OTP security token owner to input the OTP by solving the relevant CAPTCHA digits. We further propose several non-relayable properties for the E-CIS application. The trick is to prevent the hacker from automating the login by relaying the CAPTCHA to be solved by the victim. Even if the hacker finally receives the OTP answer, he still has to input the OTP into E-CIS manually. This second manual input costs extra time, but the OTP is no longer valid after the client's first manual input. In the end, an attacker holding a timed-out OTP cannot gain access to the banking service.

Given: in the normal case, the input time $T_{Input}$ is the manual input time of the OTP owner, $T_{OwnerInput}$, within the OTP validity time $T_v$. In the RT-MITM case, since E-CIS input cannot be automated, the attacker performs his own manual OTP input $T_{AttackerInput}$ after learning the OTP from the user, so the input time is at least doubled: $T_{Input} \geq 2\,T_{OwnerInput}$. In our access control system we set $T_v < 2\,T_{OwnerInput}$, and access is granted only if $T_{Input} \leq T_v$, in order to mitigate the RT-MITM attack. To ensure the window is large enough to accommodate the varying character recognition time of humans, calibration of $T_{OwnerInput}$ is considered, which also improves security.

A. Defending RT-MITM by Extended-CIS

HYPOTHESIS. By utilizing OTP, we set an input authentication factor that is valid only for a short time allowing a single manual input by the legitimate user, so that the time induced by entering relayed login parameters in the RT-MITM scenario will not be able to gain access.
• Assuming CAPTCHA is not understandable by a computer, or at least takes significant processing time for a computer to understand; a human resolver also takes time to recognize the CAPTCHA.
• For a One-Time Password based on time synchronization between the authentication server and the client, calibration and customization may be needed for the E-CIS scenario.
• The input method should be specially designed against keyloggers and mouse-loggers, so that the input credentials remain secret from the attacker. It should resist visual relaying, so that it can further avoid Trojan screen capturing and human-resolver attack.

PROCEDURE. Client login procedure through E-CIS (Fig. 2):
1) The client connects to the bank server by HTTP over SSL and requests a logon input page.
2) The bank generates an E-CIS on the fly with a unique pre-shared secret and CAPTCHA challenge (C), then uploads it to the user. The E-CIS performs a Reverse Turing Test (RTT) utilizing the visual CAPTCHA: $RTT_{CAPTCHA}\{C\}$
3) The E-CIS makes a new HTTPS connection to the bank server using the built-in $Cert_{Bank}$ and the destination IP address of the bank server.
4) The client inputs his user ID and password, and in particular inputs the OTP by mouse-clicking on the floating CAPTCHA digits in the E-CIS frame.
   • E-CIS shows the CAPTCHA digits to the client: $C \leftarrow \text{E-CIS} : RTT\{C_i\}$
   • The client recognizes the digit from the CAPTCHA challenge ($C_i$) through the Human Visual System (HVS): $Digit_i = HVS\{RTT\{C_i\}\}$
   • The client inputs the OTP by selecting CAPTCHA digits; E-CIS records the client's mouse pointer input as time ($T_i$) and coordinate ($Cr_i$): $OTP_i = \{(T, Cr)_i\}$
5) The selected digits are sent back to the bank in the form of times and coordinates, encrypted by the pre-shared secret key (SK): $\text{E-CIS} \rightarrow B : Enc_{SK}\{(T, Cr)_i\}$
6) The bank verifies the OTP by decrypting the ciphertext with the pre-shared secret key (SK): $OTP_i = Dec_{SK}\{Enc_{SK}\{(T, Cr)_i\}\}$
7) If it passes, the bank signals the E-CIS into Transaction mode.
8) The online banking transaction is done in the E-CIS application, just like a virtual browser.

Fig. 2. Procedures: Login through E-CIS

PROPERTIES. The properties of E-CIS are designed against Trojan attacks; it should resist key and mouse logging, including visual information relaying. E-CIS should also resist session hijacking, where a hacker may try to steal the user application's session and perform his malicious transaction at any time.

PROPERTY 1: ANTI SESSION HIJACKING. (Fig. 3) The E-CIS is highly resistant to RT-MITM, since a MITM attacker gains nothing by cutting off the client session during any authentication stage (E-CIS working mode).
1) E-CIS selects a random number $RN_a$ and sends it out encrypted by the bank's public key $PK_b$: $\text{E-CIS} \rightarrow B : PK_b\{RN_a\}$. The client E-CIS initiates the HTTPS connection to the bank server by itself.
2) The bank maps the E-CIS ID with $RN_a$ to the SSL session ($SSL_{SID}$), then selects a random number $RN_b$ and sends it out together with $RN_a$, encrypted by the bank's private key $SK_b$: $\text{E-CIS} \leftarrow B : SK_b\{RN_a, RN_b\}$
3) E-CIS decrypts and verifies $RN_a$, which ensures it is communicating with the bank, and then launches Input Mode; the client's inputs are then sent to the bank by the security protocol described above (refer to Fig. 2).
4) The bank verifies the user credentials.
5) If authentication passes, the bank sends a Pass Code signal to let the E-CIS enter Transaction mode: $\text{E-CIS} \leftarrow B : Code = SK_b\{RN_a, RN_b, PassCode\}$
6) E-CIS verifies the Pass Code. If it passes, it enters Transaction Mode.

Fig. 3. Property 1: Anti Session Hijacking



Fig. 4. Property 2: Anti-Logger and Anti-Relay. (a) Design of Moving CAPTCHA. (b) Initial Random Frame Displacement.

7) The user can perform banking transactions in E-CIS Transaction mode, just like browsing on a virtual browser.

PROPERTY 2: ANTI LOGGING AND RELAYING. (Fig. 4)
• E-CIS is downloaded as a browser plug-in application (e.g. Flash) embedded in the login page.
• For each E-CIS, the bank generates a unique pre-shared secret key (SK) and CAPTCHA challenge (C) associated with its E-CIS ID.
• The CAPTCHA challenge consists of two parts; in our demo work, one is the CAPTCHA Digit (CD) and the other is a Unique Floating Path (UFP) (Fig. 4a). 1) The CAPTCHA Digit poses a hard AI problem to a bot automating the input, even if the hacker has some way to phish for the OTP credential. 2) The Unique Floating Path (UFP) increases the cost of relaying the login system's information. As the unpredictable path poses a second AI problem to the bot besides recognizing the CD, it depresses relaying, since relaying the motion is as costly as relaying a video, which is not feasible with current computing power; such an attack is easily recognized and suspected by the victim.
• When E-CIS starts Login Input Mode, the ten CAPTCHA digits move according to their UFPs inside an invisible boundary Frame. The times and coordinates (inside the Frame) of the CDs selected by the user are recorded and sent encrypted by the pre-shared secret key.
• Before displaying the Frame to the user, the Frame is given a Random Frame Displacement (RFD) (Fig. 4b) inside the E-CIS application, which is aimed against mouse loggers. Since the UFPs of the CDs are distorted by the displacement, even if the hacker relays his E-CIS to be solved by the victim by logging the mouse movement and clicks, the externally captured coordinates are not valid.

ACHIEVEMENT. E-CIS is immune to keyloggers, mouse loggers, information relaying and session hijacking by its properties. It links OTP input with the human OTP owner by combining CAPTCHA with a time restriction. It can mitigate the described RT-MITM attack, which threatens CAPTCHA and two-factor authentication systems.

GENERALIZATION.
• Confidentiality is achieved by combining the CAPTCHA input time with the One-Time Password time restriction, since the OTP is only valid up to the first manual input time induced by the human security token owner.
• A unique, independent, stateful E-CIS application: the attacker cannot bypass the CAPTCHA challenge, nor hijack the session, nor gain anything by decompiling and analysing the application.

CONTRIBUTION.
• We are the first to enable a CAPTCHA system to authenticate a specific human, by linking OTP input with the human OTP owner and its time restriction.
• Our login input system is software based with no installation needed, while mitigating the described RT-MITM under a security model that includes a Trojan-compromised host environment.

B. Security Analysis

In this section an informal security analysis is provided: possible attacks against E-CIS are listed, together with the countermeasures built into the design of E-CIS.

REVERSE ENGINEERING. A hacker may try to decompile the E-CIS application and learn its pre-shared secret, including the CAPTCHA challenge inside. However, the pre-shared secret consists of two parts, the secret key (SK) and the Unique Floating Paths (UFP) of the CAPTCHA digits; each E-CIS is uniquely generated with its own pre-shared secret, is associated with only one connection, and is only valid for a given time. Learning the key and paths by decompilation costs a huge amount of time and possibly gains nothing. Although generating an E-CIS for each connection has a higher computational cost, this is a trade-off for security.

RELAYING. An attacker may find a way to relay a clone of his E-CIS to run on the victim's side, then log the victim's mouse movements and clicks to solve the CAPTCHA challenge for him.
However, each E-CIS Frame induces a Random Frame Displacement when the E-CIS application starts running in the browser. Since the Frame is displaced, the UFPs of the CDs are distorted by the displacement, and CD coordinates captured on the victim's side are not valid on the attacker's side. This also works against the Trojan scenario. Conversely, the attacker may relay the motion of the E-CIS CAPTCHA as a video played on the victim's side. However, the CPU processing and bandwidth limitations of playing a streaming video may notify the victim that he is under attack. Besides, the time delay of encoding, transferring and playing the E-CIS video is significant, so even if the victim solves the OTP CAPTCHA challenge for the attacker, the OTP may no longer be valid for the login session. Also, the timing parameter (T) cannot be replayed: even if the client solves the CAPTCHA challenge by clicking on the correct coordinate in his video at time $T_i$, the relayed video must carry a delay $\Delta$ due to encoding, buffering and processing time, so when the victim returns the coordinate information to the attacker, the E-CIS on the attacker's side is actually running at time $T_{i+\Delta}$, and the pair $\{T_{i+\Delta}, Cr_i\}$ is not a valid answer for the user's OTP digit because of the added $T_\Delta$. We discuss the tricks used to increase the relaying cost, in order to depress the attacker, in the Discussion subsection later.

SESSION HIJACKING. Since authentication is protected by E-CIS, an attacker may try to hijack the authenticated session: a powerful network attacker may be able to intercept the channel between E-CIS and the bank, or the attacker may try to learn the parameters of the connected session and then hijack the authenticated session of E-CIS. E-CIS has two modes: 1. Input Mode and 2. Transaction Mode. Each E-CIS runs independently and statefully, and the random number generated by each E-CIS is independent. Since the content is encrypted by its pre-shared secret key (SK), there is no way to learn the exchanged random number. Finally, the online banking transaction is done inside the E-CIS application just like a virtual browser; session information is kept inside E-CIS and does not depend on the browser. Notice that each E-CIS initiates its own HTTPS connection to the bank using its embedded bank public key ($PK_b$), and SSL already protects the connection from session hijacking, as each side agrees on its random parameters for the secure channel. Also, the bank can associate the unique E-CIS ID with the SSL session ID ($SSL_{SID}$); if the bank finds the same E-CIS ID initiating SSL connections with different $SSL_{SID}$ values, an attack is detected. (The $SSL_{SID}$ is just used to identify the agreed security parameters of the SSL connection, to save negotiation time over multiple connections.)

HOST BASED HIJACKING. As the victim host may be compromised by a Trojan, in the worst case a fully compromised machine can be taken over by the attacker at any time. The attacker may try to log the victim out once E-CIS has entered Transaction mode and do whatever he wants. But this can be solved by further requiring the user to input his OTP through E-CIS to confirm his banking transaction; since the use of E-CIS actually links the client-side application and the OTP owner together, interaction with the specific customer (OTP owner) can be guaranteed.

C. Discussion

The attacker always wants the victim to solve the CAPTCHA for him. To attack E-CIS, the main challenge is the moving CAPTCHA digits.
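Before turning to the relay cost, the following Python models the bank-side check of steps 4-6 of the login procedure together with the Random Frame Displacement of Property 2 and the RELAYING analysis above. It is an added illustration, not the paper's Flash demonstration: the Frame size, hit radius, floating paths, OTP value, click times and displacements are all constructed, and $Enc_{SK}$ is stood in for by an HMAC tag under the pre-shared SK (an assumption made to keep the example self-contained; the E-CIS's own HTTPS channel is taken to provide confidentiality).

```python
"""Bank-side verification of an E-CIS login (steps 4-6 of the procedure) and the
Random Frame Displacement (RFD) of Property 2. Added illustration, not the
paper's Flash demonstration; all sizes, paths, times and values are constructed."""
import hashlib
import hmac
import json
import math
import random
from typing import Dict, List, Optional, Sequence, Tuple

FRAME_W, FRAME_H = 400, 300       # invisible boundary Frame, px (constructed)
HIT_RADIUS = 12.0                 # click tolerance around a digit centre, px (constructed)
Path = Tuple[float, float, float, float]          # x0, y0, vx, vy (px, px/s)
Click = Tuple[float, Tuple[float, float]]         # (T_i, Cr_i)


def generate_ufp(rng: random.Random) -> Dict[int, Path]:
    """Unique Floating Path per digit 0-9: random start point and velocity.
    The bank generates a fresh set for every E-CIS instance."""
    return {d: (rng.uniform(0, FRAME_W), rng.uniform(0, FRAME_H),
                rng.uniform(-60, 60), rng.uniform(-60, 60)) for d in range(10)}


def digit_position(ufp: Dict[int, Path], d: int, t: float) -> Tuple[float, float]:
    """Frame coordinate of digit d, t seconds after Input Mode started (wraps)."""
    x0, y0, vx, vy = ufp[d]
    return ((x0 + vx * t) % FRAME_W, (y0 + vy * t) % FRAME_H)


def digit_at(ufp: Dict[int, Path], t: float, cr: Tuple[float, float]) -> Optional[int]:
    """Map one (T, Cr) pair back to the digit drawn there, or None if nothing was."""
    best: Optional[Tuple[int, float]] = None
    for d in range(10):
        px, py = digit_position(ufp, d, t)
        dist = math.hypot(px - cr[0], py - cr[1])
        if dist <= HIT_RADIUS and (best is None or dist < best[1]):
            best = (d, dist)
    return None if best is None else best[0]


def seal(sk: bytes, clicks: Sequence[Click]) -> Tuple[bytes, bytes]:
    """Enc_SK{(T, Cr)_i}, modelled here by an HMAC-SHA256 tag under the pre-shared
    SK (assumption: the tag binds the clicks to this particular E-CIS)."""
    payload = json.dumps([[t, list(cr)] for t, cr in clicks]).encode()
    return payload, hmac.new(sk, payload, hashlib.sha256).digest()


def unseal(sk: bytes, payload: bytes, tag: bytes) -> List[Click]:
    """Dec_SK: reject anything not produced under this E-CIS's SK."""
    if not hmac.compare_digest(hmac.new(sk, payload, hashlib.sha256).digest(), tag):
        raise ValueError("tag mismatch")
    return [(t, (cr[0], cr[1])) for t, cr in json.loads(payload)]


def verify_login(sk: bytes, ufp: Dict[int, Path], expected_otp: str,
                 payload: bytes, tag: bytes) -> bool:
    """Step 6: decrypt, replay each click against the UFP, compare with the OTP."""
    try:
        clicks = unseal(sk, payload, tag)
    except ValueError:
        return False
    return [digit_at(ufp, t, cr) for t, cr in clicks] == [int(c) for c in expected_otp]


class ECIS:
    """Client side of step 4 and Property 2: digits are drawn at Frame position
    plus a Random Frame Displacement; only Frame coordinates are recorded."""
    def __init__(self, ufp: Dict[int, Path], rfd: Tuple[float, float]):
        self.ufp, self.rfd = ufp, rfd

    def click_digit(self, d: int, t: float):
        """Returns (Frame coord stored by E-CIS, screen coord a mouse logger sees)."""
        fx, fy = digit_position(self.ufp, d, t)
        return (fx, fy), (fx + self.rfd[0], fy + self.rfd[1])

    def inject_screen_click(self, screen: Tuple[float, float]) -> Tuple[float, float]:
        """What this instance records when a logged screen coordinate is replayed on it."""
        return (screen[0] - self.rfd[0], screen[1] - self.rfd[1])


def simulate(seed: int = 7) -> Tuple[bool, bool]:
    """Owner logs in on the E-CIS shown to him; the attacker's own instance of the
    same E-CIS (same SK and UFP, different RFD) replays the logged screen clicks."""
    rng = random.Random(seed)
    sk = bytes(rng.getrandbits(8) for _ in range(32))   # constructed pre-shared SK
    ufp = generate_ufp(rng)
    otp = "482913"                                       # constructed token value
    times = [0.8, 1.5, 2.1, 2.9, 3.6, 4.4]               # owner's per-digit click times (s)
    victim_view = ECIS(ufp, rfd=(37.0, 23.0))           # constructed displacements
    attacker_ecis = ECIS(ufp, rfd=(64.0, 58.0))
    genuine: List[Click] = []
    replayed: List[Click] = []
    for c, t in zip(otp, times):
        frame_xy, screen_xy = victim_view.click_digit(int(c), t)
        genuine.append((t, frame_xy))
        replayed.append((t, attacker_ecis.inject_screen_click(screen_xy)))
    owner_ok = verify_login(sk, ufp, otp, *seal(sk, genuine))
    attacker_ok = verify_login(sk, ufp, otp, *seal(sk, replayed))
    return owner_ok, attacker_ok
```

The two instances differ only in their RFD, so the screen coordinates a logger captures on the victim's copy land 44 px away from the digit on the attacker's copy, well outside the hit radius; the genuine Frame coordinates decode to the OTP exactly.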
Obviously, the attacker will try to relay the moving CAPTCHA digits as a video on the victim's side in order to persuade the victim to solve the remote challenge as if it were local, as in the CR-MITM or Trojan scenario. The key to a successful MITM attack is smooth relaying of the video information.

COST OF RELAY. The moving CAPTCHA digits in E-CIS work like a Flash animation; although a Flash animation can be a small file, relaying it is as costly as relaying a video [16]. Lai and Nieh [16] conducted related measurements when assessing thin-client protocols, familiar examples being VNC on Linux and RDP on Windows. As E-CIS runs like a Flash animation, its relaying cost is also as high as relaying a video. From their measurement results [16], counting only the best thin-client protocols, relaying a 34.75 s, 24 fps video at 352x240 resolution in 24-bit colour with acceptable quality requires at least 212 MB of data to be transmitted over the network, with at least 1 s of additional playback time. Note that the best performances of these protocols were recorded on a Fast Ethernet 100 Mbps LAN with minimal network latency. Applying those figures to simulate a CR-MITM attack on E-CIS: a 34.75 s video requires a bandwidth of 48.8 Mbps, which may not be possible for an attack carried out outside a LAN, since we believe most clients' Internet access bandwidth does not reach that speed. Further considering the additional 1 s of playback time, induced by the delay of encoding, transferring and playing the scamming E-CIS video, this 1 s latency ($T_\Delta$) is significant enough to make the attack fail.
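The arithmetic behind the 48.8 Mbps figure, as an added worked example rather than anything from [16] or the paper's demonstration. The 212 MB, 34.75 s, 352x240, 24 fps, 24-bit and 1 s numbers are those quoted above; the rule that thin-client traffic scales with the raw pixel rate (used to estimate a larger 800x600 E-CIS, as in the RELAY BURDENING discussion that follows), the 10 Mbps client link and the degraded 8-bit, 12 fps relay are assumptions.

```python
"""Relay-cost arithmetic for a CR-MITM attack on E-CIS, from the thin-client
figures quoted in the text from [16]. Added worked example; the scaling rule,
the client link speed and the 800x600 E-CIS size are assumptions."""

# Figures quoted in the text: best thin-client protocol, 34.75 s of 24 fps video
# at 352x240 in 24-bit colour.
MEASURED_BYTES = 212e6        # bytes transmitted (212 MB, decimal)
DURATION_S = 34.75            # video length in seconds
EXTRA_PLAYBACK_S = 1.0        # additional playback latency, the text's T_delta
REF = (352, 240, 24, 24)      # width, height, colour bits, frames per second


def mbps(n_bytes: float, seconds: float) -> float:
    """Bandwidth in megabits per second."""
    return n_bytes * 8 / seconds / 1e6


def measured_relay_mbps() -> float:
    """The 48.8 Mbps figure in the text."""
    return mbps(MEASURED_BYTES, DURATION_S)


def raw_pixel_rate_mbps(width: int, height: int, colour_bits: int, fps: int) -> float:
    """Uncompressed pixel stream; it comes out close to the measured relay cost."""
    return width * height * colour_bits * fps / 1e6


def scaled_relay_mbps(width: int, height: int, colour_bits: int, fps: int) -> float:
    """Assumption: thin-client traffic scales with the raw pixel rate, so a larger or
    richer E-CIS multiplies the measured baseline, and a degraded relay divides it."""
    return (measured_relay_mbps()
            * raw_pixel_rate_mbps(width, height, colour_bits, fps)
            / raw_pixel_rate_mbps(*REF))


def relay_feasible(link_mbps: float, width: int, height: int,
                   colour_bits: int, fps: int) -> bool:
    """Can the relayed E-CIS be pushed down a link of link_mbps at all?"""
    return scaled_relay_mbps(width, height, colour_bits, fps) <= link_mbps


def otp_still_valid(t_input: float, t_delta: float, t_v: float) -> bool:
    """Even with enough bandwidth, the relay delay T_delta is added to the victim's
    input time, and the answer must still arrive inside the OTP window T_v."""
    return t_input + t_delta <= t_v


def summary(client_link_mbps: float = 10.0) -> dict:
    """Constructed 10 Mbps client link against the reference video and against a
    degraded relay (8-bit colour, 12 fps), plus the 1 s latency check."""
    return {
        "baseline_mbps": round(measured_relay_mbps(), 1),
        "raw_mbps": round(raw_pixel_rate_mbps(*REF), 2),
        "full_quality_feasible": relay_feasible(client_link_mbps, *REF),
        "degraded_feasible": relay_feasible(client_link_mbps, 352, 240, 8, 12),
        "ecis_800x600_mbps": round(scaled_relay_mbps(800, 600, 24, 24), 1),
        # constructed: a 6.0 s owner input inside a 6.5 s window, then with T_delta added
        "otp_valid_after_delay": otp_still_valid(6.0, EXTRA_PLAYBACK_S, 6.5),
    }
```

The degraded relay is the one case that fits a 10 Mbps link, which is the quality trade-off the next paragraph describes; the latency check shows that fitting the link is still not enough once $T_\Delta$ pushes the answer past $T_v$.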

Although smooth video streaming can be achieved by reducing the frame rate and lowering the colour depth, this sacrifices quality. As the scam becomes less convincing, it may alert the victim. Besides, the induced latency $T_\Delta$ may also lead to an invalid OTP answer. Summarizing the above, we conclude that the CR-MITM attack may not be able to defeat our E-CIS in the near future.

RELAY BURDENING. As the success of visual scamming depends on the visual quality displayed on the victim's side, we can raise the difficulty of the attack by raising the relaying cost: employ an E-CIS whose interface uses the highest colour depth and updates motion at the highest frame rate, e.g. 24-bit colour and 24 fps. If the relayed visual quality is lower than this, the user can be visually notified that he is under attack. A larger application resolution also requires more bits to be transmitted: as most PCs run at higher than XGA resolution (1024x768), an E-CIS of 800x600 or even higher can significantly multiply the transmitted bits. Considering that graphical images can be compressed by encoding, which minimizes the total data size, we can further design a colourful background or moving objects in the E-CIS application, e.g. an object with a gradient colour distribution, which can easily be generated locally while being hard to compress for relaying without colour loss.

D. Limitation and Drawback

INHERITED CAPTCHA PROPERTIES. The use of E-CIS inherits the user acceptance issues of CAPTCHA systems, e.g. a visual CAPTCHA is not feasible for blind users. We will not discuss these here.

PRACTICAL ISSUE. Since our E-CIS demonstration is based on a time-synchronous OTP and on the human input time within its validity period, and human input time varies between users (e.g. an old man inputs more slowly, a youth faster), it is difficult to set a single validity time for all users.
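The access-time rule of Section III ($T_v < 2\,T_{OwnerInput}$, grant only if $T_{Input} \leq T_v$) and the per-user calibration and worst-case bound of this subsection ($\sum_{i=1}^{k} T_i$ for the owner, $2\sum T_i$ for a relayed re-entry, $\sum T_i + T_k$ for a dummy CIS that leaks digits one by one), as an added Python illustration. It is not the paper's demonstration code; the margin, calibration count, default window and every timing value are constructed.

```python
"""OTP input-time access control of E-CIS (Section III) with the per-user
calibration and worst-case bound of Section III-D. Added illustration;
every timing value below is constructed, not measured."""
from dataclasses import dataclass, field
from typing import List, Sequence


def owner_input_time(digit_times: Sequence[float]) -> float:
    """sum_{i=1}^{k} T_i: the owner clicks each of the k OTP digits once."""
    return sum(digit_times)


def relay_input_time(digit_times: Sequence[float]) -> float:
    """RT-MITM: the attacker re-enters every digit by hand after learning the
    whole OTP, so the total is at least 2 * sum T_i."""
    return 2 * sum(digit_times)


def digit_by_digit_leak_time(digit_times: Sequence[float]) -> float:
    """A dummy CIS that leaks digits one at a time lets the attacker type each
    digit while the owner is still on the next one; only the last digit is
    added: sum T_i + T_k."""
    return sum(digit_times) + digit_times[-1]


@dataclass
class OtpTimingPolicy:
    """Bank-side policy: T_v = margin * 2 * T_OwnerInput with margin < 1, so that
    T_v < 2 * T_OwnerInput and a relayed second manual input cannot fit."""
    margin: float = 0.75          # constructed; must stay below 1
    calibration_logins: int = 3   # logins averaged before the window is personalised
    default_tv: float = 20.0      # constructed window (s) used before calibration
    samples: List[float] = field(default_factory=list)

    def __post_init__(self) -> None:
        if not 0 < self.margin < 1:
            raise ValueError("margin must be in (0, 1) so that T_v < 2*T_OwnerInput")

    def t_owner_input(self) -> float:
        """Calibrated T_OwnerInput: average of the recorded login input times."""
        return sum(self.samples) / len(self.samples)

    def valid_time(self) -> float:
        if len(self.samples) < self.calibration_logins:
            return self.default_tv
        return self.margin * 2 * self.t_owner_input()

    def grant(self, t_input: float) -> bool:
        """Access only if T_Input <= T_v."""
        return t_input <= self.valid_time()

    def record_login(self, t_input: float) -> None:
        """Successful logins feed the calibration."""
        if self.grant(t_input):
            self.samples.append(t_input)


def margin_needed_against_leak(digit_times: Sequence[float]) -> float:
    """Largest margin that still puts T_v below sum T_i + T_k: the price in
    adaptivity of also stopping the digit-by-digit leak."""
    return digit_by_digit_leak_time(digit_times) / (2 * sum(digit_times))


def demo() -> dict:
    per_digit = [1.0, 1.0, 1.25, 1.25, 0.75, 0.75]   # constructed owner times, k = 6 (s)
    policy = OtpTimingPolicy()
    for t in (6.0, 6.5, 5.5):                        # first three logins calibrate T_OwnerInput
        policy.record_login(t)
    results = {
        "T_v": policy.valid_time(),
        "owner": policy.grant(owner_input_time(per_digit)),
        "rt_mitm_relay": policy.grant(relay_input_time(per_digit)),
        "digit_leak": policy.grant(digit_by_digit_leak_time(per_digit)),
    }
    # A stricter margin also blocks the leak, but then a slightly slower legitimate
    # login (6.5 s, within the owner's own calibration range) is refused.
    strict = OtpTimingPolicy(margin=0.5, samples=list(policy.samples))
    results["strict_T_v"] = strict.valid_time()
    results["strict_owner"] = strict.grant(6.0)
    results["strict_slow_owner"] = strict.grant(6.5)
    return results
```

With the calibrated $T_{OwnerInput}$ of 6.0 s the default window is 9.0 s: the owner's 6.0 s passes, the relayed 12.0 s fails, but the 6.75 s digit-by-digit leak still passes, which is exactly the gap the paragraph above describes; closing it needs a margin below 0.5625 here, at the cost of refusing slower legitimate logins.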
To make it practical, there should be an initial calibration customizing the E-CIS validity time for each user, taking the average input time of the first few login processes. In our demonstration: in the normal case, $T_i$ is the manual input time for the $i$-th digit of the OTP by its owner, and if the OTP contains $k$ digits, the total manual input time is $\sum_{i=1}^{k} T_i$. Ideally, in the RT-MITM case the input time of owner plus attacker is at least doubled, $2\sum_{i=1}^{k} T_i$. However, a powerful attacker may trick the user into inputting on his dummy CIS, which allows the attacker to learn the OTP digits one by one, so that the additional input time depends only on the last digit ($T_k$) and the worst-case input time is $\sum_{i=1}^{k} T_i + T_k$. If we set the valid access time $< \sum_{i=1}^{k} T_i + T_k$, it is less adaptive to the varying character recognition times of legitimate users. Indeed, for the practical issues of synchronization and calibration, we can also consider other forms of OTP delivery such as SMS, where the timing factor may be more deterministic. Other forms of CAPTCHA challenge can also be considered, as the spirit of E-CIS is to utilize the property that a CAPTCHA can only be solved by a human, combined with the time restriction of the OTP, so that the E-CIS application can resist automated MITM attack as well as human-assisted attack.

IV. ROM BROWSER

From the previous sections, the main client-side security challenges in online banking can be summarized as two things: destination verification enforcement, and Trojan credential theft.

In this section we present Rom-Browser, which combines E-CIS and OTP to further mitigate client-side security threats to online banking.

HYPOTHESIS.
• Destination verification can be done by CA certificate. If it is enforced by default with no exceptions allowed, it can mitigate violations due to user unconsciousness.
• An application stored in read-only ROM (e.g. a read-only thumb drive) can defend against virus infection as well as Trojans. A customized browser that only supports HTTPS browsing with CA certificate enforcement can ensure the destination without being threatened by a Trojan.
• Trojan credential theft can be depressed by using E-CIS with OTP. Even if the user's credentials are lost to the attacker, the attacker can hardly gain access because of the strict time constraint of the OTP.

The procedure is simple: the user plugs the Rom-Browser (e.g. a USB read-only thumb drive) into the host machine and starts browsing the online banking website.

PROPERTIES. Rom-Browser only supports HTTPS connections; a legitimate website with a valid certificate will be verified, and this is enforced by Rom-Browser, which will not allow browsing without a valid certificate. Client authentication is then done by the E-CIS and OTP authentication system, and the rest of the procedure is the same as in the previous E-CIS section.

ADVANTAGES. Rom-Browser enables secure browsing with destination verification and enforcement, which mitigates the issue of user unconsciousness. A ROM application is immune to Trojan infection. It complements E-CIS by ensuring the integrity of the downloaded E-CIS, and security is then further enhanced by E-CIS. It is convenient, being as portable as an OTP security token. The deployment cost of Rom-Browser is as low as a thumb drive. Combined with E-CIS, we can provide a cost-efficient solution by reusing the shipped OTP token, at a cost much lower than the sum of redesigning and shipping a new hardware solution.

V. RELATED WORK

The issue of anti-phishing is a broad one, and there is a rich literature on detection of spoofed emails, toolbar notifiers and also education, which will not be reviewed here. Instead, related work using HIP to authenticate the human client, or enabling human verification of the remote server, is discussed.

Szydlowski et al. [17] proposed a Secure Web Input Application utilizing the CAPTCHA idea for user input confidentiality and integrity against local malicious code in transaction confirmation. This is very similar to our approach, in that the graphical password cannot be understood by a bot. Compared with ours, their input application can only be used for transaction verification for integrity, which still suffers from human-assisted attack; our work further depresses human-assisted attack by utilizing the time restriction of the OTP, and our approach can be used for login authentication.

Chang [18] proposed a CAPTCHA-based OTP authentication system, a hardware solution guaranteeing human participation. Although it sounds very similar to our approach, their work is a hardware solution in which a smart card holds the private key for CAPTCHA image decryption by means of visual cryptography, and their use of OTP is mathematically based. In comparison, our work is not just for guaranteeing human participation; it is feasible as it is software based, with no private key issues, and the use of a time-synchronous OTP further depresses human-assisted attack.

Saklikar et al. [19] presented a CAPTCHA solution which embeds public key information inside the CAPTCHA, so that the client side can verify the public key as well as the destination server. Compared with ours, they require client-side installation, and their CAPTCHA challenges are customized for each user in a database, creating a specific image list pair for each client. Our E-CIS is a secure input method guaranteeing a secure path and OTP owner participation. In our design there is no installation and nothing is client specific, so there are no client image list revocation or recovery issues after an attack, nor database storage issues for a growing number of customers.

Dhamija et al. [9] presented an anti-phishing technique called Dynamic Security Skins, which allows a remote server to authenticate itself to the client by matching a unique image computed at the client based on a pre-shared secret. However, they rely on host integrity and client consciousness, and they require client-side installation and key distribution.

Yee et al. [20] proposed an anti-phishing solution in which the user does not even need to remember the site password: the password is only entered by the Passpet browser plug-in after domain verification, and it is hashed and customized for each domain. However, it has the limitation that the auto-filled password is based on the domain, which risks suffering from pharming attacks for non-SSL sites. Compared with our work, we further consider the client host to be compromised, we need no installation and do not rely on client host integrity, and we eliminate the issues of password storage and mobility. We restrict access control by E-CIS, depressing MITM attack, and our approach does not even rely on the client's responsibility.

Yahoo [21] and Bank of America [7] have their own site identification solutions; although their mechanisms differ, both are used to enable user visual verification of the remote server by showing the user a familiar image or string. Generally, both are just for visual site verification without protection of the user's credentials, and the verification depends heavily on user consciousness.
Under a harsh security model, a static visual interface can always be relayed easily, and an unconscious user still risks suffering from Trojan and MITM attack. In comparison, our E-CIS is designed to depress visual relaying by using a moving CAPTCHA and the OTP time restriction. We do not discuss related hardware-based solutions here, but note that most of them are proprietary technologies, which are bulky, complex and costly with long manufacturing times, and still risk suffering from Trojan horse attack [22]. In comparison, we propose a simple software-based CIS solution plus One-Time Password to fight the Real-Time MITM attacker as well as the combined Trojan horse online attack. Security algorithms can be revised easily on the server side, and our solution just reuses the client's existing hardware token.

VI. CONCLUSION

In this work we reviewed Man-In-The-Middle (MITM) attacks, which can even defeat CAPTCHA phishing protection. To mitigate these MITM attacks, we designed the Extended CAPTCHA Input System (E-CIS), in which we are the first to enable a CAPTCHA system to authenticate a specific human by combining the use of OTP and its time restriction; the design of E-CIS makes it highly resistant to information relaying attacks. E-CIS is software based with no installation needed, and so is feasible to deploy widely, as compared with costly hardware. Our solution reuses the OTP tokens already shipped at large scale, which can save a huge amount of money compared with redesigning and shipping a new hardware solution. Rom Browser is suggested for use in combination with our E-CIS solution; it is cost efficient and can further enhance security by destination verification enforcement, while its cost is as low as a thumb drive. We hope this work will encourage other attempts to optimize the CAPTCHA Input System, or even to find a more optimal candidate CAPTCHA type and its related One-Time Password.

FUTURE WORK. To make our work more practical, the future work is: (1) build an E-CIS prototype in Adobe Flash; (2) build a Rom Browser prototype on a thumb drive with a switchable feature that can simulate a ROM by switching to Read Only (RO) mode.

REFERENCES

[1] Bank of East Asia, "Case Study Cyberbanking by Bank of East Asia," in Combating Phishing Attack - Challenges of phishing attack to banks. HKCERT: Combating Phishing Attacks Seminar, Dec 2004.
[2] C.-M. Leung, "Visual security is feeble for Anti-Phishing," in ICASID'09: IEEE International Conference on Anti-counterfeiting, Security, and Identification in Communication. IEEE, Aug. 2009. [Online]. Available: http://sites.google.com/site/lcmkov/
[3] B. Schneier, "Two-factor authentication: too little, too late," Commun. ACM, vol. 48, no. 4, p. 136, 2005.
[4] R. Dhamija, J. D. Tygar, and M. Hearst, "Why phishing works," in CHI '06: Proceedings of the SIGCHI conference on Human Factors in computing systems. New York, NY, USA: ACM, 2006, pp. 581–590.
[5] The Register, "HSBC forgets to renew its digital certificate," Mar 2008.
[6] HSBC, "Security device," in HSBC Personal Financial Services. HSBC.com, HSBC home&Away Privilege Programme, 2005.
[7] Bank of America, "Bank of America announces industry-leading security feature for its 13.2 million online banking customers to help prevent fraud and identity theft," May 2005.
[8] T. Bauknight, "PassMark's SiteKey - answering the wrong question," Jul 2005.
[9] R. Dhamija and J. D. Tygar, "Phish and HIPs: Human interactive proofs to detect phishing attacks," in Human Interactive Proofs: Second International Workshop (HIP 2005), 2005, pp. 127–141.
[10] L. von Ahn, M. Blum, N. J. Hopper, and J. Langford, "CAPTCHA: Using hard AI problems for security," in EUROCRYPT, 2003, pp. 294–311.
[11] M. Naor and B. Pinkas, "Visual authentication and identification," in CRYPTO, 1997, pp. 322–336.
[12] S. Shirali-Shahreza, M. Shirali-Shahreza, and A. Movaghar, "Exam HIP," Anti-counterfeiting, Security, Identification, 2007 IEEE International Workshop on, pp. 415–418, 16-18 April 2007.
[13] M. J. Christopher Soghoian, "A deceit-augmented MITM against Bank of America's SiteKey service," Oct 2007.
[14] W. Diffie and M. Hellman, "New directions in cryptography," Information Theory, IEEE Transactions on, vol. 22, no. 6, pp. 644–654, Nov 1976.
[15] W. Diffie, P. C. V. Oorschot, and M. J. Wiener, "Authentication and authenticated key exchanges," Des. Codes Cryptography, vol. 2, no. 2, pp. 107–125, 1992.
[16] A. M. Lai and J. Nieh, "On the performance of wide-area thin-client computing," ACM Trans. Comput. Syst., vol. 24, no. 2, pp. 175–209, 2006.
[17] M. Szydlowski, C. Kruegel, and E. Kirda, "Secure input for web applications," in ACSAC, 2007, pp. 375–384.
[18] T.-L. Chang, "CAPTCHA based one-time password authentication system," Master's Thesis, Graduate Institute of Information Engineering, Feng Chia University, Taiwan, Jul 2006.
[19] S. Saklikar and S. Saha, "Public key-embedded graphic CAPTCHAs," Consumer Communications and Networking Conference, 2008. CCNC 2008. 5th IEEE, pp. 262–266, 10-12 Jan. 2008.
[20] K.-P. Yee and K. Sitaker, "Passpet: convenient password management and phishing protection," in SOUPS '06: Proceedings of the second symposium on Usable privacy and security. New York, NY, USA: ACM, 2006, pp. 32–43.
[21] Yahoo! Inc., "What is a sign-in seal," in Yahoo Security Center. Yahoo.com, Yahoo Security Center, Aug 2006.
[22] A. Spalka, A. B. Cremers, and H. Langweg, "Trojan horse attacks on software for electronic signatures," Informatica (Slovenia), vol. 26, no. 2, 2002.
[23] C.-M. Leung, "Demonstration of E-CIS," CM Leung research webpage, Dec. 2008. [Online]. Available: http://sites.google.com/site/lcmkov/

1 Notes: Our original work, figures and demonstration can be founded in project homepage[23].
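The security-relevant point of the conclusion is the OTP time restriction: an OTP that a man-in-the-middle relays to the bank late, or presents a second time, must be rejected on the server side, so that the human token owner has to take part within the window. The following Python sketch is an added example of that server-side check and is not code from the paper or from the E-CIS project. It assumes an HMAC-based event-counter OTP (HOTP, RFC 4226) as the token algorithm, a 30-second window, and a single-use challenge identifier; the paper specifies none of these, and the moving-CAPTCHA rendering of the input screen is deliberately not modelled here.

```python
import hashlib
import hmac
import secrets
import struct
import time

# Assumed parameter: the paper does not state the length of the time restriction.
WINDOW_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based OTP as in RFC 4226 (HMAC-SHA1 with dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = ((mac[offset] & 0x7F) << 24
              | mac[offset + 1] << 16
              | mac[offset + 2] << 8
              | mac[offset + 3])
    return str(binary % (10 ** digits)).zfill(digits)


class OtpChallengeServer:
    """Server side of a time-restricted, single-use OTP challenge.

    A challenge is issued when the login page (in E-CIS, the moving CAPTCHA
    input screen) is served; the answer is accepted only if it names a
    challenge that is still pending and arrives inside the window.
    """

    def __init__(self, token_secret: bytes, window: float = WINDOW_SECONDS, clock=time.time):
        self.secret = token_secret
        self.window = window
        self.clock = clock          # injectable so the scenarios below are deterministic
        self.counter = 0            # assumed shared HOTP counter for this customer
        self.pending = {}           # challenge id -> (counter, issue time)

    def issue_challenge(self) -> str:
        cid = secrets.token_hex(8)
        self.pending[cid] = (self.counter, self.clock())
        self.counter += 1           # each served challenge consumes one counter value
        return cid

    def verify(self, cid: str, submitted: str) -> str:
        # pop() makes the challenge single-use: a replayed answer finds nothing.
        entry = self.pending.pop(cid, None)
        if entry is None:
            return "unknown_or_replayed"
        counter, issued = entry
        if self.clock() - issued > self.window:
            return "expired"        # a relayed answer that arrives late is useless
        expected = hotp(self.secret, counter)
        if not hmac.compare_digest(expected, submitted):
            return "wrong_code"
        return "ok"


class FakeClock:
    """Constructed clock so the scenarios below are reproducible offline."""

    def __init__(self, start: float = 1_000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def run_scenarios() -> dict:
    """Exercise the four outcomes a verifier must distinguish."""
    clock = FakeClock()
    secret = b"constructed-token-seed-not-a-real-key"   # constructed sample seed
    server = OtpChallengeServer(secret, window=30, clock=clock)
    results = {}

    # 1. Genuine customer reads the OTP from the token and answers in time.
    cid = server.issue_challenge()
    results["fresh"] = server.verify(cid, hotp(secret, 0))

    # 2. The same answer presented again is refused: the challenge was consumed.
    results["replay"] = server.verify(cid, hotp(secret, 0))

    # 3. A correct OTP that reaches the server only after the window has closed.
    cid = server.issue_challenge()
    clock.advance(45)
    results["late"] = server.verify(cid, hotp(secret, 1))

    # 4. A guessed code for a fresh challenge.
    cid = server.issue_challenge()
    guess = "000000" if hotp(secret, 2) != "000000" else "111111"
    results["wrong"] = server.verify(cid, guess)
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The window and the single-use identifier are what make relaying expensive for the attacker: the relay must complete the whole round trip through the victim inside the window, and a captured answer cannot be reused afterwards. In a deployment the counter bookkeeping would follow whatever the issued token actually implements (event-based or time-based), and the window would be set from measured legitimate response times.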
