Insecure Real-World Authentication Protocols (or Why Phishing Is So Profitable)

(Transcript of Discussion)
  • Richard Clayton
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4631)


I want to talk about the real world, where authentication protocols are extremely insecure, and I’m going to try and explain to you why phishing is so profitable.

Why does phishing work? Basically because con artists are really good at persuading people to do really dumb things – and we just have to face up to this. What’s changed recently is that in order to run a con you no longer need a printing press in the cellar to produce all the props. Anybody can produce web pages which look just as good as the professional stuff. But the really deep problem is that the underlying protocols are rubbish and that’s what my paper is about.





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Richard Clayton, University of Cambridge, Computer Laboratory
