Information Trust Institute (ITI) Calendar

Back to Listing

TSS Seminar: Tal Moran: "The Phish-Market Protocol: Securely Sharing Attack Data Between Competitors"

Event Type
Information Trust Institute
3401 Siebel Center
Nov 9, 2009   11:00 am  
Tal Moran, Harvard University
Originating Calendar
Information Trust Institute (ITI) archival calendar


A key way in which banks mitigate the effects of phishing is to remove fraudulent websites or suspend abusive domain names. This "take-down" is often

subcontracted to specialist companies.  Prior work has shown that these take-down companies refuse to share their "feeds" of phishing website URLs

with each other, and consequently, many phishing websites are not removed, because the company with the take-down contract remains unaware of their

existence.  The take-down companies are reluctant to exchange their feeds with each other, fearing that competitors with less comprehensive feeds

might "free-ride" off their efforts and stop investing resources to find new websites, as well as use the feeds to poach clients.

To help solve this problem, we propose the Phish-Market protocol, which enables companies with less comprehensive feeds to learn about websites

impersonating their own clients that are held by other firms. The protocol is designed so that the contributing firm is compensated only for those

websites affecting its competitor's clients and only those previously unknown to the receiving firm.  Crucially, the protocol does not reveal to the

contributing source which URLs are needed by the receiver, as this is viewed as sensitive information by take-down firms.

The main problem in designing this protocol is making it efficient enough to be used in practice (a naive approach using generic cryptographic

techniques would be completely infeasible).  I'll describe the ideas behind the cryptographic design and talk a little about our implementation:

Using the complete lists of phishing URLs obtained from two large take-down companies, our elliptic-curve-based implementation added a negligible

average 5-second delay to securely share URLs.

This is joint work with Tyler Moore.

link for robots only