The Game of Phishing
This addresses phishing attacks for internet users by offering a cryptographic solution, but it appears incremental as it builds on existing TLS and browser security concepts.
The paper tackles phishing attacks by proposing a browser-based authentication method that displays a login window with TLS certificate credentials and a user-browser shared secret image from the local hard disk, preventing counterfeit by phishing sites since sandboxed websites cannot access the image.
The current implementation of TLS involves your browser displaying a padlock, and a green bar, after successfully verifying the digital signature on the TLS certificate. Proposed is a solution where your browser's response to successful verification of a TLS certificate is to display a login window. That login window displays the identity credentials from the TLS certificate, to allow the user to authenticate Bob. It also displays a 'user-browser' shared secret i.e. a specific picture from your hard disk. This is not SiteKey, the image is shared between the computer user and their browser. It is never transmitted over the internet. Since sandboxed websites cannot access your hard disk this image cannot be counterfeited by phishing websites. Basically if you view the installed software component of your browser as an actor in the cryptography protocol, then the solution to phishing attacks is classic cryptography, as documented in any cryptography textbook.