Galexia

Submission - Joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC (May 2007)

Authentication Technologies Resources

Adelsbach A, Gajek S and Schwenk J, Visual Spoofing of SSL Protected Web Sites and Effective Countermeasures, Horst Görtz Institute for IT Security, 2005, <https://www.a-i3.org/content/category/7/51/130/>.

Alves-Foss J, Provably Insecure Mutual Authentication Protocols: The Two-Party Symmetric-Encryption Case, Centre for Secure and Dependable Software, University of Idaho, October 1999, <http://www.cs.uidaho.edu/~jimaf/docs/prov99.pdf>.

Amir Herzberg, TrustBar: Protecting (even Naïve) Web Users from Spoofing and Phishing Attacks, September 2004, <http://eprint.iacr.org/2004/155.pdf>.

Archer P, The QUATRO approach to Transparency and Usability of Web Authentication, W3C Workshop on Transparency and Usability of Web Authentication, March 2006, <http://www.w3.org/2005/Security/usability-ws/papers/04-quatro-trust/>.

Bakker B, Mutual Authentication with Smart Cards, USENIX, 1999, <http://www.usenix.org/events/smartcard99/full_papers/bakker/bakker.pdf>.

Bellare M, Attacks on SHA-1, OATH, March 2005, <http://www.openauthentication.org/pdfs/Attacks on SHA-1.pdf>.

Chou N, Ledesma R, Teraguchi Y, Boneh D and Mitchell J C, Client-side defense against web-based identity theft, Stanford University Computer Science Department, February 2004, <http://crypto.stanford.edu/SpoofGuard/webspoof.pdf>.

Close T, Petname Tool: Enabling web site recognition using the existing SSL infrastructure, W3C Workshop on Transparency and Usability of Web Authentication, March 2006, <http://www.w3.org/2005/Security/usability-ws/papers/02-hp-petname/>.

Cloudmark, Cloudmark Anti-Phishing Services, 2006, <http://www.cloudmark.com/releases/docs/ds_anti-phishing_10470406.pdf>.

Cloudmark, Cloudmark Automated Feedback System Helps Service Providers & Customers Combat Messaging Threats, May 2006, <http://www.cloudmark.com/press/releases/?release=2006-05-30-01>.

Consumer and Business Affairs Victoria, Department of Justice, Web Seals Of Approval, January 2002, <http://www.consumer.vic.gov.au/CA256902000FE154/Lookup/CAV_Publications_Computers_Internet_Discussion_Papers/$file/WebSealsFinalReport.pdf>.

Deare S, Australia Post tests online identification service, ZDNet Australia, 6 September 2006, <http://www.zdnet.com.au/news/security/soa/Australia_Post_tests_online_identification_service/0,130061744,339270865,00.htm>.

Dhamija R and Tygar JD, The Battle Against Phishing: Dynamic Security Skins, Symposium On Usable Privacy and Security, July 2005, <http://cups.cs.cmu.edu/soups/2005/2005proceedings/p77-dhamija.pdf>.

Digital Resolve, Trusted Server™ Technology, 2006, <http://www.digital-resolve.net/solutions/trusted_server.html>.

Dreymann DT, CertifiedEmail™ – a New Trustworthy Messaging Class, W3C Workshop on Transparency and Usability of Web Authentication, 2006, <http://www.w3.org/2005/Security/usability-ws/papers/38-goodmail>.

Entrust, Securing What’s at Risk: A Common Sense Approach to Strong Authentication, 8 November 2005, <http://www.entrust.com/resources/download.cfm/22313/>.

Fette I, Sadeh N and Cranor L, Web Security Requirements: A Phishing Perspective, W3C Workshop on Transparency and Usability of Web Authentication, March 2006, <http://www.w3.org/2005/Security/usability-ws/papers/13-cmu-requirements>.

Financial Services Technology Consortium, Financial Industry Recommendations and Requirements for Better Mutual Authentication, 12 June 2006, <http://fstc.org/projects/docs/Recommendations_and_Requirements_for_BMA_v1.0.pdf>.

Fraser N, The Usability of Picture Passwords, Tricerion, 2006, <http://www.tricerion.com/downloads/Usability-of-picture-passwords.pdf>.

Gabrilovich E and Gontmakher A, The Homograph Attack, February 2002, <http://www.cs.technion.ac.il/~gabr/papers/homograph_full.pdf>.

Gajek S and Schwenk J, Reversed Responsibilities: Browser Authentication instead of Server Authentication, W3C Workshop on Transparency and Usability of Web Authentication, March 2006, <http://www.w3.org/2005/Security/usability-ws/papers/09-dortmund-reverse/>.

GeoTrust, Identity Verification: Verified Domain™, 2005, <http://www.geotrust.com/products/identity_verification/verified_domain.asp>.

GeoTrust, True Site™: Identity Assurance for Web Sites, 2004, <http://www.geotrust.com/resources/product_pdfs/pdfs/TrueSite.pdf>.

Green Armor Solutions, Identity Cues Two Factor™ & Two Way Authentication, 2005, <http://www.greenarmor.com//DataSheets/Identity Cues Two Factor Data Sheet.pdf>.

Hall K, Vulnerability of First-Generation Digital Certificates and Potential for Phishing Attacks and Consumer Fraud, April 2005, <http://www.geotrust.com/resources/white_papers/pdfs/SSLVulnerabilityWPcds.pdf>.

Hardmeier S, The Phishing Filter: Fighting the Modern Day Con Artist, Microsoft, 10 November 2005, <http://www.microsoft.com/windows/ie/community/columns/phishing.mspx>.

Hirsch F and Le Van Gong H A, Approaches to Simplify Server Authentication, W3C Workshop on Transparency and Usability of Web Authentication, March 2006, <http://www.w3.org/2005/Security/usability-ws/papers/07-nokia-and-sun/>.

Howarth F, Deploying psychology in the fight against phishing, Bloor Research, 15 July 2005, <http://www.it-director.com/article.php?articleid=12808>.

IBM, An overview of the SSL handshake, 2005, <http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/topic/com.ibm.mq.csqzas.doc/csshandshake.htm>.

IBM, How SSL provides authentication, 2005, <http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/topic/com.ibm.mq.csqzas.doc/cssauthentication.htm#cssauthentication>.

Iconix, How eMail ID Works, 2005, <http://www.iconix.com/learnmore.php>.

IEEE Security and Privacy, The TIPPI Point: Towards Trustworthy Interfaces, July 2005, <http://www.cs.dartmouth.edu/~sws/pubs/ss05a.pdf>.

Jakobsson GM and Myers S, Stealth Attacks and Delayed Password Disclosure, AI3, 2006, <https://www.a-i3.org/content/view/69/104/>.

Jones MB, The Identity Metasystem: A User-Centric, Inclusive Web Authentication Solution, W3C Workshop on Transparency and Usability of Web Authentication, March 2006, <http://www.w3.org/2005/Security/usability-ws/papers/28-jones-id-metasystem/>.

Keizer G, 5 Tools To Bulletproof Firefox, InformationWeek, 14 July 2006, <http://www.informationweek.com/shared/printableArticle.jhtml?articleID=190400479>.

Linn J, Kaliski B, Nyström M and Yung M, Applying Context to Web Authentication, W3C Workshop on Transparency and Usability of Web Authentication, March 2006, <http://www.w3.org/2005/Security/usability-ws/papers/03-rsa-context/>.

MacFarland A, Iconix Truemark Authentication Service Add More Trust into E-Business, The Clipper Group (Navigator), December 2005, <http://www.clipper.com/research/TCG2005078.pdf>.

Marchesini J and Smith S, Virtual Hierarchies – An Architecture for Building and Maintaining Efficient and Resilient Trust Chains, May 2002, <http://www.cs.dartmouth.edu/~sws/pubs/ms02.pdf>.

Merritt R, Crack in SHA-1 code 'stuns' security gurus, EETimes, February 2005, <http://eetimes.com/news/latest/showArticle.jhtml?articleID=60402150>.

Microsoft, How CA Certificates Work, 2003, <http://technet2.microsoft.com/WindowsServer/en/Library/0e4472ff-fe9b-4fa7-b5b1-9bb6c5a7f76e1033.mspx?mfr=true>.

Miller R, SSL's Credibility as Phishing Defense Is Tested, March 2004, <http://news.netcraft.com/archives/2004/03/08/ssls_credibility_as_phishing_defense_is_tested.html>.

Mysore SH, Web Authentication Today and For Tomorrow, W3C Workshop on Transparency and Usability of Web Authentication, March 2006, <http://www.w3.org/2005/Security/usability-ws/papers/25-mysore-webauth-today-tomorrow/>.

National Australia Bank, SMS Payment Security, 2007, <http://www.nab.com.au/Personal_Finance/0,,82833,00.html>.

National Consumers League, A Call for Action: Report from the National Consumers League Anti-Phishing Retreat, March 2006, <http://www.antiphishing.org/reports/200603_NCL_Phishing_Report.pdf>.

Nelson J and Jeske D, Limits to Anti-Phishing, W3C Workshop on Transparency and Usability of Web Authentication, 2006, <http://www.w3.org/2005/Security/usability-ws/papers/37-google>.

NetworkWorld Asia, Australia Post approves online banking, 21 February 2007.

Open Authentication Initiative, Mutual OATH: HOTP Extensions for mutual authentication, December 2005, <http://openauthentication.org/pdfs/draft-mraihi-mutual-oath-hotp-variants-00.pdf>.

Open Authentication Initiative, OATH Reference Architecture Release 1.0, 2005, <http://openauthentication.org/OATHReferenceArchitecturev1.pdf>.

Open Authentication Initiative, OATH Roadmap, November 2005, <http://openauthentication.org/pdfs/OATH Public Roadmap 2006.pdf>.

PCWorld, VeriSign Redesigns Trust Mark Seal, November 2003, <http://www.pcworld.com/news/article/0,aid,113264,00.asp>.

PhishCops, How Does PhishCops™ Work?, 2005, <http://www.phishcops.com/how.asp>.

Phoenix Technologies, Phoenix SPEKE – Strong Authentication for Devices, Networks, and Data, 2006, <http://www.phoenix.com/NR/rdonlyres/04BD87B1-F01A-449E-AE1E-743A7399A3C0/0/SPEKE_ds.pdf>.

Quatro, How to make your trustmark machine-readable using the Quatro system, May 2006, <http://www.quatro-project.org/howto/>.

Rivest LR, Separable Identity-Based Ring Signatures: Theoretical Foundations For Fighting Phishing Attacks, February 2005, <http://theory.lcs.mit.edu/~rivest/AdidaHohenbergerRivest-SeparableIdentityBasedRingSignatures.pdf>.

Rosenberg J, True Site™: Helping on-line companies create trusted brands so their site visitors feel confident enough to stay and pay, GeoTrust, November 2001, <http://www.geotrust.com/resources/white_papers/pdfs/TrueSiteWP.pdf>.

Rotondi D, A Server Authentication Procedure Proposal, W3C Workshop on Transparency and Usability of Web Authentication, March 2006, <http://www.w3.org/2005/Security/usability-ws/papers/06-rotondi-authentication/>.

RSA Security, Protecting Against Phishing by Implementing Strong Two-Factor Authentication, 2004, <http://www.indevis.de/dokumente/anti_phishing_rsa.pdf>.

Rubinoff S and Steinberg J, Key Human Factors Issues Surrounding Consumer Two Factor Authentication and Mutual Authentication, Green Armor Solutions, 11 July 2006.

Sestus Data Corporation, PhishCops™ White Paper, 2006, <http://www.phishcops.com/docs/pc51013-r.pdf>.

Staikos G, Improving Internet Trust and Security, W3C Workshop on Transparency and Usability of Web Authentication, March 2006, <http://www.w3.org/2005/Security/usability-ws/papers/33-staikos-improving-trust/>.

The Office of the Information and Privacy Commissioner/Ontario and The Office of the Federal Privacy Commissioner of Australia, Web Seals: A Review of Online Privacy Programs, September 2000, <http://www.privacy.gov.au/publications/seals.html>.

Transport Security Layer Working Group, The SSL Protocol Version 3.0, 1996, <http://wp.netscape.com/eng/ssl3/draft302.txt>.

Tricerion, Account Hijacking Prevention with the Tricerion Strong Mutual Authentication (SMA) Server, 2005, <http://www.tricerion.com/downloads/984_Tricerion_SMA__Account_Hijacking_Protection.pdf>.

Tricerion, Tricerion SMA Product Description, 2006, <http://www.tricerion.com/downloads/978_Tricerion_SMA_Product_Description.pdf>.

Tumbleweed Communications, Digital Certificate Validation in Public Key Infrastructures (PKI), and the Online Certificate Validation Protocol (OCSP), 2003, <http://tumbleweed.com/pdfs/tmwd_certvalidation_in_pki_wp.pdf>.

VeriSign, VeriSign Unveils Newly Designed Security Trust Mark To Aid Consumers In Identifying Safe Web Sites To Shop This Holiday Season, 2003, <http://www.VeriSign.com/VeriSign-inc/news-and-events/news-archive/us-news-2003/page_200312181046341.html>.

VeriSign, The VeriSign Secured™ Seal Research Review, 2006, <http://www.VeriSign.com/static/013506.pdf>.

VeriSign, VeriSign Enhances Online Transaction Security With Mutual Authentication Solutions Leveraging Microsoft Internet Explorer 7 and ‘InfoCard’, February 2006, <http://www.verisign.com/verisign-inc/news-and-events/news-archive/us-news-2006/page_037034.html>.

Wade C, Financial Industry Requirements for Better Mutual Authentication, W3C Workshop on Transparency and Usability of Web Authentication, March 2006, <http://www.w3.org/2005/Security/usability-ws/papers/15-wade-financial>.

WiKID, WiKID Mutual Authentication, 2006, <http://www.wikidsystems.com/product-info-downloads/technology/mutual_authentication/>.

WiKID, WiKID releases HTTPS Mutual Authentication, October 2005, <http://www.wikidsystems.com/WiKIDBlog/69>.

Willoughby M, OATH Swears Authentication is the Next Big Thing, Digital ID World, January 2005, <http://magazine.digitalidworld.com/Jan05/Page34.pdf>.

Wright K L, W3C Workshop on Transparency and Usability of Web Authentication, March 2006, <http://www.w3.org/2005/Security/usability-ws/papers/21-wright-position>.

Ye EZ, Yuan Y and Smith S, Web Spoofing Revisited: SSL and Beyond, Dartmouth College Department of Computer Science, February 2002, <http://www.cs.dartmouth.edu/~pkilab/papers/tr417.pdf>.

Zurko ME and Wilson D, Using History, Collaboration, and Transparency to Provide Security, W3C Workshop on Transparency and Usability of Web Authentication, March 2006, <http://www.w3.org/2005/Security/usability-ws/papers/19-zurko-history/>.

Zurko ME, User-Centered Security: Stepping Up to the Grand Challenge, IBM Software Group, 2005, <http://www.acsac.org/2005/papers/Zurko.pdf>.