TY - JOUR
T1 - Security and identification indicators for browsers against spoofing and phishing attacks
AU - Herzberg, Amir
AU - Jbara, Ahmad
PY - 2008/9/1
Y1 - 2008/9/1
N2 - In spite of the use of standard Web security measures (SSL/TLS), users enter sensitive information such as passwords into fake Web sites. Such fake sites cause substantial damages to individuals and corporations. In this work, we identify several vulnerabilities of browsers, focusing on security and identification indicators. We present improved security and identification indicators, as we implemented in TrustBar, a browser extension we developed. With TrustBar, users can assign a name or logo to identify SSL/TLS-protected sites; if users did not assign a name or logo, TrustBar identifies protected sites by the name or logo of the site, and by the certificate authority (CA) who identified the site. We present usability experiments which compared TrustBar's indicators to the basic indicators available in most browsers (padlock, URL, and https prefix), and some relevant secure-usability principles.
KW - Human-computer interaction
KW - Phishing
KW - Secure usability
KW - Web spoofing
UR - http://www.scopus.com/inward/record.url?scp=54049142548&partnerID=8YFLogxK
U2 - 10.1145/1391949.1391950
DO - 10.1145/1391949.1391950
M3 - Article
AN - SCOPUS:54049142548
SN - 1533-5399
VL - 8
JO - ACM Transactions on Internet Technology
JF - ACM Transactions on Internet Technology
IS - 4
M1 - 16
ER -