[go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?

Paper 2004/155

Security and Identification Indicators for Browsers against Spoofing and Phishing Attacks

Amir Herzberg and Ahmad Gbara

Abstract

In spite of the use of standard web security measures (SSL/TLS), users enter sensitive information such as passwords into scam web sites. Such scam sites cause substantial damages to individuals and corporations. In this work, we analyze these attacks, and find they often exploit usability failures of browsers. We developed and describe TrustBar, a browser extension for improved secure identification indicators. Users can assign a name/logo to a secure site, presented by TrustBar when the browser presents that secure site; otherwise, TrustBar presents the certified site's owner name, and the name/logo of the Certificate Authority (CA) who identified the owner. Some of these ideas are already adopted by browsers, following our work. We describe usability experiments, which measure, and prove the effectiveness, of TrustBar's improved security and identification indicators. We derive general secure-usability principles from our experiments and experience with TrustBar

Note: Earlier version of this manuscript was titled `TrustBar: Protecting (even Naïve) Web Users from Spoofing and Phishing Attacks`. The main change in the new version is description of the usability experiments.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Unknown where it was published
Keywords
electronic commerce and payment
Contact author(s)
herzbea @ cs biu ac il
History
2006-09-03: last of 4 revisions
2004-07-07: received
See all versions
Short URL
https://ia.cr/2004/155
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2004/155,
      author = {Amir Herzberg and Ahmad Gbara},
      title = {Security and Identification Indicators for Browsers against Spoofing and Phishing Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2004/155},
      year = {2004},
      url = {https://eprint.iacr.org/2004/155}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.