R. Biddle, P. V. Oorschot, Andrew S. Patrick, J. Sobey, Tara Whalen
{"title":"浏览器接口和扩展验证SSL证书:实证研究","authors":"R. Biddle, P. V. Oorschot, Andrew S. Patrick, J. Sobey, Tara Whalen","doi":"10.1145/1655008.1655012","DOIUrl":null,"url":null,"abstract":"There has been a loss of confidence in the security provided by SSL certificates and browser interfaces in the face of various attacks. As one response, basic SSL server certificates are being demoted to second-class status in conjunction with the introduction of Extended Validation (EV) SSL certificates. Unfortunately, EV SSL certificates may complicate the already difficult design challenge of effectively conveying certificate information to the average user. This study explores the interfaces related to SSL certificates in the most widely deployed browser (Internet Explorer 7), proposes an alternative set of interface dialogs, and compares their effectiveness through a user study involving 40 participants. The alternative interface was found to offer statistically significant improvements in confidence, ease of finding information, and ease of understanding. Such results from a modest re-design effort suggest considerable room for improvement in the user interfaces of browsers today. This work motivates further study of whether EV SSL certificates offer a robust foundation for improving Internet trust, or a further compromise to usable security for ordinary users.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"85","resultStr":"{\"title\":\"Browser interfaces and extended validation SSL certificates: an empirical study\",\"authors\":\"R. Biddle, P. V. Oorschot, Andrew S. Patrick, J. Sobey, Tara Whalen\",\"doi\":\"10.1145/1655008.1655012\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"There has been a loss of confidence in the security provided by SSL certificates and browser interfaces in the face of various attacks. As one response, basic SSL server certificates are being demoted to second-class status in conjunction with the introduction of Extended Validation (EV) SSL certificates. Unfortunately, EV SSL certificates may complicate the already difficult design challenge of effectively conveying certificate information to the average user. This study explores the interfaces related to SSL certificates in the most widely deployed browser (Internet Explorer 7), proposes an alternative set of interface dialogs, and compares their effectiveness through a user study involving 40 participants. The alternative interface was found to offer statistically significant improvements in confidence, ease of finding information, and ease of understanding. Such results from a modest re-design effort suggest considerable room for improvement in the user interfaces of browsers today. This work motivates further study of whether EV SSL certificates offer a robust foundation for improving Internet trust, or a further compromise to usable security for ordinary users.\",\"PeriodicalId\":300613,\"journal\":{\"name\":\"Cloud Computing Security Workshop\",\"volume\":\"25 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-11-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"85\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Cloud Computing Security Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1655008.1655012\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cloud Computing Security Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1655008.1655012","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 85
摘要
面对各种攻击,人们对SSL证书和浏览器接口提供的安全性失去了信心。作为一种回应,随着扩展验证(EV) SSL证书的引入,基本SSL服务器证书被降级为二等证书。不幸的是,EV SSL证书可能会使有效地向普通用户传递证书信息这一已经很困难的设计挑战复杂化。本研究探讨了在最广泛部署的浏览器(Internet Explorer 7)中与SSL证书相关的界面,提出了一组可选择的界面对话框,并通过涉及40名参与者的用户研究比较了它们的有效性。研究发现,替代界面在信心、查找信息的便利性和理解便利性方面提供了统计上显著的改进。通过适度的重新设计所得到的结果表明,目前浏览器的用户界面还有很大的改进空间。这项工作促使人们进一步研究EV SSL证书是否为提高互联网信任提供了坚实的基础,还是进一步损害了普通用户的可用安全性。
Browser interfaces and extended validation SSL certificates: an empirical study
There has been a loss of confidence in the security provided by SSL certificates and browser interfaces in the face of various attacks. As one response, basic SSL server certificates are being demoted to second-class status in conjunction with the introduction of Extended Validation (EV) SSL certificates. Unfortunately, EV SSL certificates may complicate the already difficult design challenge of effectively conveying certificate information to the average user. This study explores the interfaces related to SSL certificates in the most widely deployed browser (Internet Explorer 7), proposes an alternative set of interface dialogs, and compares their effectiveness through a user study involving 40 participants. The alternative interface was found to offer statistically significant improvements in confidence, ease of finding information, and ease of understanding. Such results from a modest re-design effort suggest considerable room for improvement in the user interfaces of browsers today. This work motivates further study of whether EV SSL certificates offer a robust foundation for improving Internet trust, or a further compromise to usable security for ordinary users.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
