This paper presents the main results of a PhD thesis aimed at defining a model for the secure operation of an Internet banking environment, even in the presence of malware on the client side. Its goal is to resist today's all-too-frequent phishing and pharming attacks, as well as more classical ones such as social engineering or man-in-the-middle attacks, and those exploiting technical flaws such as buffer overflows, SQL injection, cross-site scripting, etc. The key point of this model is the need for mutual authentication, instead of simply basing security on the digital certificate of the financial entity.