Abstract
Public key cryptography has become, in many environments, a fundamental building block for authentication. Although many applications already support Public Key Certificates (PKCs), the usability of their many security features, and users' understanding of them, is still not fully addressed. Moreover, with the increasing number of services offered via the Internet and their impact on many aspects of everyday life for millions of users, the need to address the usability of security is compelling. In our work we provide a usability study that highlights the status of the current User Interfaces (UIs) in browsers. In particular, we focus on the effectiveness of the messages related to website authentication. We also provide a set of guidelines aimed at improving the user experience and the incisiveness of security-related warnings. A prototype of a user interface is provided and analyzed.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pala, M., Wang, Y. (2010). On the Usability of User Interfaces for Secure Website Authentication in Browsers. In: Martinelli, F., Preneel, B. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2009. Lecture Notes in Computer Science, vol 6391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16441-5_16
DOI: https://doi.org/10.1007/978-3-642-16441-5_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16440-8
Online ISBN: 978-3-642-16441-5
eBook Packages: Computer Science (R0)