Minimizing SSO Effort in Verifying SSL Anti-Phishing Indicators
Source: Institute for Infocomm Research
In an on-line transaction, a user sends her personal sensitive data (e.g., a password) to a server for authentication. This process is known as Single Sign-On (SSO). Because of phishing and pharming attacks, the sensitive data may be disclosed to an adversary when the user is lured into visiting a bogus server. There has been much research into anti-phishing methods, and most of them are based on enhancing the security of browser indicators. This paper presents a completely different approach to defeating phishing and pharming attacks. Its method is based on an encrypted cookie: it tags the sensitive data with the server's public key and stores it as a cookie on the user's machine.