Security and identification indicators for browsers against spoofing and phishing attacks

Amir Herzberg; Ahmad Jbara

doi:10.1145/1391949.1391950

Security and identification indicators for browsers against spoofing and phishing attacks

Amir Herzberg, Ahmad Jbara

Research output: Contribution to journal › Article › peer-review

82 Scopus citations

Abstract

In spite of the use of standard Web security measures (SSL/TLS), users enter sensitive information such as passwords into fake Web sites. Such fake sites cause substantial damages to individuals and corporations. In this work, we identify several vulnerabilities of browsers, focusing on security and identification indicators. We present improved security and identification indicators, as we implemented in TrustBar, a browser extension we developed. With TrustBar, users can assign a name or logo to identify SSL/TLS-protected sites; if users did not assign a name or logo, TrustBar identifies protected sites by the name or logo of the site, and by the certificate authority (CA) who identified the site. We present usability experiments which compared TrustBar's indicators to the basic indicators available in most browsers (padlock, URL, and https prefix), and some relevant secure-usability principles.

Original language	English (US)
Article number	16
Journal	ACM Transactions on Internet Technology
Volume	8
Issue number	4
DOIs	https://doi.org/10.1145/1391949.1391950
State	Published - Sep 1 2008
Externally published	Yes

Keywords

Human-computer interaction
Phishing
Secure usability
Web spoofing

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1145/1391949.1391950

Cite this

@article{36a4d6f2c771473da4713d70f308ad8c,

title = "Security and identification indicators for browsers against spoofing and phishing attacks",

abstract = "In spite of the use of standard Web security measures (SSL/TLS), users enter sensitive information such as passwords into fake Web sites. Such fake sites cause substantial damages to individuals and corporations. In this work, we identify several vulnerabilities of browsers, focusing on security and identification indicators. We present improved security and identification indicators, as we implemented in TrustBar, a browser extension we developed. With TrustBar, users can assign a name or logo to identify SSL/TLS-protected sites; if users did not assign a name or logo, TrustBar identifies protected sites by the name or logo of the site, and by the certificate authority (CA) who identified the site. We present usability experiments which compared TrustBar's indicators to the basic indicators available in most browsers (padlock, URL, and https prefix), and some relevant secure-usability principles.",

keywords = "Human-computer interaction, Phishing, Secure usability, Web spoofing",

author = "Amir Herzberg and Ahmad Jbara",

year = "2008",

month = sep,

day = "1",

doi = "10.1145/1391949.1391950",

language = "English (US)",

volume = "8",

journal = "ACM Transactions on Internet Technology",

issn = "1533-5399",

publisher = "Association for Computing Machinery (ACM)",

number = "4",

}

TY - JOUR

T1 - Security and identification indicators for browsers against spoofing and phishing attacks

AU - Herzberg, Amir

AU - Jbara, Ahmad

PY - 2008/9/1

Y1 - 2008/9/1

N2 - In spite of the use of standard Web security measures (SSL/TLS), users enter sensitive information such as passwords into fake Web sites. Such fake sites cause substantial damages to individuals and corporations. In this work, we identify several vulnerabilities of browsers, focusing on security and identification indicators. We present improved security and identification indicators, as we implemented in TrustBar, a browser extension we developed. With TrustBar, users can assign a name or logo to identify SSL/TLS-protected sites; if users did not assign a name or logo, TrustBar identifies protected sites by the name or logo of the site, and by the certificate authority (CA) who identified the site. We present usability experiments which compared TrustBar's indicators to the basic indicators available in most browsers (padlock, URL, and https prefix), and some relevant secure-usability principles.

AB - In spite of the use of standard Web security measures (SSL/TLS), users enter sensitive information such as passwords into fake Web sites. Such fake sites cause substantial damages to individuals and corporations. In this work, we identify several vulnerabilities of browsers, focusing on security and identification indicators. We present improved security and identification indicators, as we implemented in TrustBar, a browser extension we developed. With TrustBar, users can assign a name or logo to identify SSL/TLS-protected sites; if users did not assign a name or logo, TrustBar identifies protected sites by the name or logo of the site, and by the certificate authority (CA) who identified the site. We present usability experiments which compared TrustBar's indicators to the basic indicators available in most browsers (padlock, URL, and https prefix), and some relevant secure-usability principles.

KW - Human-computer interaction

KW - Phishing

KW - Secure usability

KW - Web spoofing

UR - http://www.scopus.com/inward/record.url?scp=54049142548&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=54049142548&partnerID=8YFLogxK

U2 - 10.1145/1391949.1391950

DO - 10.1145/1391949.1391950

M3 - Article

AN - SCOPUS:54049142548

SN - 1533-5399

VL - 8

JO - ACM Transactions on Internet Technology

JF - ACM Transactions on Internet Technology

IS - 4

M1 - 16

ER -

Security and identification indicators for browsers against spoofing and phishing attacks

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this