
On the Usability of User Interfaces for Secure Website Authentication in Browsers

  • Conference paper
Public Key Infrastructures, Services and Applications (EuroPKI 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6391)


Abstract

Public key cryptography has become, in many environments, a fundamental building block for authentication. Although many applications already support the use of Public Key Certificates (PKCs), the usability of their many security features, and users' understanding of them, are still not fully addressed. Moreover, with the increasing number of services offered via the Internet and their impact on many aspects of the everyday life of millions of users, the need to address the usability of security is compelling. In this work we present a usability study that highlights the status of the current User Interfaces (UIs) in browsers. In particular, we focus on the effectiveness of the messages related to website authentication. We also provide a set of guidelines aimed at improving the user experience and the incisiveness of security-related warnings. A prototype of a user interface is provided and analyzed.




© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pala, M., Wang, Y. (2010). On the Usability of User Interfaces for Secure Website Authentication in Browsers. In: Martinelli, F., Preneel, B. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2009. Lecture Notes in Computer Science, vol 6391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16441-5_16


  • DOI: https://doi.org/10.1007/978-3-642-16441-5_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16440-8

  • Online ISBN: 978-3-642-16441-5

  • eBook Packages: Computer Science (R0)
