Saved in:
Bibliographic Details
Main Authors: Varshney, Gaurav, Raj, Akanksha, Sangwan, Divya, Abuadbba, Sharif, Mishra, Rina, Gao, Yansong
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2507.09564
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911052919209984
author Varshney, Gaurav
Raj, Akanksha
Sangwan, Divya
Abuadbba, Sharif
Mishra, Rina
Gao, Yansong
author_facet Varshney, Gaurav
Raj, Akanksha
Sangwan, Divya
Abuadbba, Sharif
Mishra, Rina
Gao, Yansong
contents Phishing is a prevalent cyberattack that uses look-alike websites to deceive users into revealing sensitive information. Numerous efforts have been made by the Internet community and security organizations to detect, prevent, or train users to avoid falling victim to phishing attacks. Most of this research over the years has been highly diverse and application-oriented, often serving as standalone solutions for HTTP clients, servers, or third parties. However, limited work has been done to develop a comprehensive or proactive protocol-oriented solution to effectively counter phishing attacks. Inspired by the concept of certificate transparency, which allows certificates issued by Certificate Authorities (CAs) to be publicly verified by clients, thereby enhancing transparency, we propose a concept called Page Transparency (PT) for the web. The proposed PT requires login pages that capture users' sensitive information to be publicly logged via PLS and made available to web clients for verification. The pages are verified to be logged using cryptographic proofs. Since all pages are logged on a PLS and visually compared with existing pages through a comprehensive visual page-matching algorithm, it becomes impossible for an attacker to register a deceptive look-alike page on the PLS and receive the cryptographic proof required for client verification. All implementations occur on the client side, facilitated by the introduction of a new HTTP PT header, eliminating the need for platform-specific changes or the installation of third-party solutions for phishing prevention.
format Preprint
id arxiv_https___arxiv_org_abs_2507_09564
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle A Login Page Transparency and Visual Similarity Based Zero Day Phishing Defense Protocol
Varshney, Gaurav
Raj, Akanksha
Sangwan, Divya
Abuadbba, Sharif
Mishra, Rina
Gao, Yansong
Cryptography and Security
Phishing is a prevalent cyberattack that uses look-alike websites to deceive users into revealing sensitive information. Numerous efforts have been made by the Internet community and security organizations to detect, prevent, or train users to avoid falling victim to phishing attacks. Most of this research over the years has been highly diverse and application-oriented, often serving as standalone solutions for HTTP clients, servers, or third parties. However, limited work has been done to develop a comprehensive or proactive protocol-oriented solution to effectively counter phishing attacks. Inspired by the concept of certificate transparency, which allows certificates issued by Certificate Authorities (CAs) to be publicly verified by clients, thereby enhancing transparency, we propose a concept called Page Transparency (PT) for the web. The proposed PT requires login pages that capture users' sensitive information to be publicly logged via PLS and made available to web clients for verification. The pages are verified to be logged using cryptographic proofs. Since all pages are logged on a PLS and visually compared with existing pages through a comprehensive visual page-matching algorithm, it becomes impossible for an attacker to register a deceptive look-alike page on the PLS and receive the cryptographic proof required for client verification. All implementations occur on the client side, facilitated by the introduction of a new HTTP PT header, eliminating the need for platform-specific changes or the installation of third-party solutions for phishing prevention.
title A Login Page Transparency and Visual Similarity Based Zero Day Phishing Defense Protocol
topic Cryptography and Security
url https://arxiv.org/abs/2507.09564