{"title":"用于验证和检测来电显示欺骗攻击的一次性密钥颁发","authors":"Narongsak Sukma, R. Chokngamwong","doi":"10.1109/JCSSE.2017.8025898","DOIUrl":null,"url":null,"abstract":"Caller ID has been used to tell the recipient who is calling before answering the call. In fact, nowadays using just Caller ID is not enough to proof the real caller since there are several ways to manipulate the caller identity. There are number of solutions to proof the caller e.g. using Time base, SMS base, or hardware. Even using DSA and CA, it can lead to data leak or inconsistent verification processing. The One-time password practices can mitigate the risk of Man-in-the-middle attacks because SSL has vulnerability assessment that can lead to MITM or man in the middle attack. The attacker can intercept SSL verification process between Server and client for sniffing then spoofing. It would be better if we can find a solution that does not rely on CA, Third party and/or external hardware. In this paper, we propose the solution with self-controlled security and one-time key issue to avoid data leak. The one-time key issuance is a good solution for verification and detecting caller ID Spoofing attacker through this methodology since it does not rely on third-party CA and store certification anywhere. This solution provides the best of key management as the one-time secret key is used. Results from our test lab show effectively verification rates and good performance where resource and power consumption are not impacted.","PeriodicalId":6460,"journal":{"name":"2017 14th International Joint Conference on Computer Science and Software Engineering (JCSSE)","volume":"77 1","pages":"1-4"},"PeriodicalIF":0.0000,"publicationDate":"2017-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"One time key Issuing for Verification and Detecting Caller ID Spoofing Attacks\",\"authors\":\"Narongsak Sukma, R. Chokngamwong\",\"doi\":\"10.1109/JCSSE.2017.8025898\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Caller ID has been used to tell the recipient who is calling before answering the call. In fact, nowadays using just Caller ID is not enough to proof the real caller since there are several ways to manipulate the caller identity. There are number of solutions to proof the caller e.g. using Time base, SMS base, or hardware. Even using DSA and CA, it can lead to data leak or inconsistent verification processing. The One-time password practices can mitigate the risk of Man-in-the-middle attacks because SSL has vulnerability assessment that can lead to MITM or man in the middle attack. The attacker can intercept SSL verification process between Server and client for sniffing then spoofing. It would be better if we can find a solution that does not rely on CA, Third party and/or external hardware. In this paper, we propose the solution with self-controlled security and one-time key issue to avoid data leak. The one-time key issuance is a good solution for verification and detecting caller ID Spoofing attacker through this methodology since it does not rely on third-party CA and store certification anywhere. This solution provides the best of key management as the one-time secret key is used. Results from our test lab show effectively verification rates and good performance where resource and power consumption are not impacted.\",\"PeriodicalId\":6460,\"journal\":{\"name\":\"2017 14th International Joint Conference on Computer Science and Software Engineering (JCSSE)\",\"volume\":\"77 1\",\"pages\":\"1-4\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-07-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 14th International Joint Conference on Computer Science and Software Engineering (JCSSE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/JCSSE.2017.8025898\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 14th International Joint Conference on Computer Science and Software Engineering (JCSSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/JCSSE.2017.8025898","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
One time key Issuing for Verification and Detecting Caller ID Spoofing Attacks
Caller ID has been used to tell the recipient who is calling before answering the call. In fact, nowadays using just Caller ID is not enough to proof the real caller since there are several ways to manipulate the caller identity. There are number of solutions to proof the caller e.g. using Time base, SMS base, or hardware. Even using DSA and CA, it can lead to data leak or inconsistent verification processing. The One-time password practices can mitigate the risk of Man-in-the-middle attacks because SSL has vulnerability assessment that can lead to MITM or man in the middle attack. The attacker can intercept SSL verification process between Server and client for sniffing then spoofing. It would be better if we can find a solution that does not rely on CA, Third party and/or external hardware. In this paper, we propose the solution with self-controlled security and one-time key issue to avoid data leak. The one-time key issuance is a good solution for verification and detecting caller ID Spoofing attacker through this methodology since it does not rely on third-party CA and store certification anywhere. This solution provides the best of key management as the one-time secret key is used. Results from our test lab show effectively verification rates and good performance where resource and power consumption are not impacted.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
