Affiliation:
1. Bar Ilan University, Ramat-Gan, Israel
Abstract
In spite of the use of standard Web security measures (SSL/TLS), users enter sensitive information such as passwords into fake Web sites. Such fake sites cause substantial damages to individuals and corporations. In this work, we identify several vulnerabilities of browsers, focusing on security and identification indicators.
We present improved security and identification indicators, as we implemented in TrustBar, a browser extension we developed. With TrustBar, users can assign a name or logo to identify SSL/TLS-protected sites; if users did not assign a name or logo, TrustBar identifies protected sites by the name or logo of the site, and by the certificate authority (CA) who identified the site.
We present usability experiments which compared TrustBar's indicators to the basic indicators available in most browsers (padlock, URL, and https prefix), and some relevant secure-usability principles.
Funder
Israel Science Foundation
National Science Foundation
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications
Reference
58 articles.
Cited by
69 articles.