Shining Chrome: Using Web Browser Personas to Enhance SSL Certificate Visualization

Authors

  • Max-Emanuel Maurer
  • Alexander De Luca
  • Tobias Stockinger
Abstract

Average users lack the technical expertise to understand SSL certificates and security is not their primary goal. Thus, it is very hard to create a notable impact on user behavior using SSL-status indicators. However, with the introduction of web browser Personas (simple skins) as a possibility to change the browser's chrome, it becomes possible to provide a large status indicator without wasting screen real estate. In this work, we present an evaluation of Personas to represent the current SSL status combined with newly designed SSL warning messages, both in the lab and in the field. Results suggest that the concepts positively influenced security awareness.

Similar resources

The most recent SSL security attacks: origins, implementation, evaluation, and suggested countermeasures

Attacks have been targeting secure socket layer (SSL) from the time it was created especially because of its utmost importance in securing Web transactions. These attacks are either attacks exploiting vulnerabilities in the SSL protocol itself, or attacks exploiting vulnerabilities in the services that SSL uses, such as certificates and web browsers. While the attacks on SSL itself have been su...

A First Look at the CT Landscape: Certificate Transparency Logs in Practice

Many of today’s web-based services rely heavily on secure end-to-end connections. The “trust” that these services require builds upon TLS/SSL. Unfortunately, TLS/SSL is highly vulnerable to compromised Certificate Authorities (CAs) and the certificates they generate. Certificate Transparency (CT) provides a way to monitor and audit certificates and certificate chains, to help improve the overal...

Poster: Man-in-the-Browser-Cache: Persisting HTTPS Attacks via Browser Cache Poisoning

When browsing the web using HTTPS, if a user Alice ignores, or clicks through, the browser’s SSL warnings of an invalid SSL certificate, she exposes her browser sessions to a Man-in-the-middle (MITM) attack, allowing attackers to intercept communication in the SSL channel. Recent work has measured the click-through rates for SSL warnings, indicating that more than 50% users click through SSL wa...

SSL Server Rating Guide for TLS Client Certificate Authentication Seminar Report for Research Seminar in Cryptography

This paper presents a list of tests that can be automatically run to verify the correct server configuration of TLS Client Certificate Authentication. A possible design for a testing engine with a web front-end is proposed to run these tests by a web browser without the need of browser extensions. Finally, a rating guide is proposed to summarize test results.

A Review on Wireless Transport Layer Security

Wireless Application Protocol (WAP) is one of the technical standards for information over a mobile wireless network. Mobile devices such as mobile phones that use the protocol have a WAP browser as a web browser. WTLS (wireless transport layer security) inherited from TLS (Transport Layer Security). WTLS uses similar semantics adapted for a low bandwidth mobile device. As compared to TLS main ...

Publication date: 2011