Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/48583
Title: Design and development of TLS-SRP Firefox extension to support trusted login
Authors: Chua, Yong Keong.
Keywords: DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks
Issue Date: 2012
Abstract: To combat against phishing, several techniques including Certificate Authority Based (CA) Hypertext Transfer Protocol with SSL/TLS (HTTPS), 2 Factor Authentication (2FA) and Anti-phishing software are currently adopted. However, the problem of phishing still persists and this questions the effectiveness against phishing and the issue of why users are still susceptible to phishing attacks. Through analysing the current techniques used against phishing, it is observed that flaws on the current techniques do exist, and by leveraging on gullibility of users, phishing attacks can still be executed. Thus, leading to conclusion that authentication as claimed to be secure by financial sector is not that fortifying against phishing attacks. This project explores the extension of Mozilla Firefox to implement an authentication protocol called Secure Remote Password (SRP) Protocol, and a trusted login User Interface (UI). The SRP protocol will be implemented above the Transport layer of the Open System Interconnection (OSI) model using the existing library, Secure Remote Password - Transport Layer Security (SRP-TLS). By having a separated protocol from HTTPS, the choice of cipher suite by the server will be restricted to only SRP-TLS. Most of the implementations are coded using Mozilla Firefox’s unique development environment which includes XUL and JavaScript languages. With SRP-TLS library only available in C++, Cross Platform Component Objective Model (XPCOM) has to be used to integrate the C++ modules into the extension.
URI: http://hdl.handle.net/10356/48583
Schools: School of Computer Engineering 
Research Centres: Centre for Multimedia and Network Technology 
Rights: Nanyang Technological University
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections:SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File Description SizeFormat 
SCE11-0292.pdf
  Restricted Access
6.46 MBAdobe PDFView/Open

Page view(s) 20

670
Updated on Jun 22, 2024

Download(s) 50

30
Updated on Jun 22, 2024

Google ScholarTM

Check

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.