Abstract

Identity theft refers to the preparatory stage of acquiring and collecting someone else's personal information for criminal purposes. During the past few years, a very large number of people suffered adverse consequences of identity theft crimes. In this thesis, we investigate different methods and techniques that can be used to provide better protection against identity theft techniques that have some hi-tech relevance such as shoulder surfing of user's passwords and personal identification numbers (PINs), phishing and keylogging attacks. To address the shoulder surfing threat to traditional PIN entry schemes, two new PIN entry schemes are proposed. Both schemes achieve a good balance between security and usability. In addition, our analysis shows that these two schemes are resilient to shoulder surfing, given that the attacker has a limited capability in recording the login process. We also propose a click-based graphical password authentication scheme. This scheme aims at improving the resistance to shoulder surfing attacks while maintaining the merits of the click-based authentication solutions. It is also resilient to shoulder surfing attacks even if the attacker can record the entire login process for one time with a video device. Finally, in order to defend against online phishing attacks, we present a framework to strengthen password authentication using mobile devices and browser extensions. The proposed authentication framework produces a different password depending on the domain name of the login site. Besides defending against phishing attacks, this solution does not require any modifications at the server side