International Association for Cryptologic Research

CryptoDB

Security and Identification Indicators for Browsers against Spoofing and Phishing Attacks

Authors:
Amir Herzberg
Ahmad Gbara
Download:
URL: http://eprint.iacr.org/2004/155
Abstract: In spite of the use of standard web security measures (SSL/TLS), users enter sensitive information such as passwords into scam web sites. Such scam sites cause substantial damages to individuals and corporations. In this work, we analyze these attacks, and find they often exploit usability failures of browsers. We developed and describe TrustBar, a browser extension for improved secure identification indicators. Users can assign a name/logo to a secure site, presented by TrustBar when the browser presents that secure site; otherwise, TrustBar presents the certified site's owner name, and the name/logo of the Certificate Authority (CA) who identified the owner. Some of these ideas are already adopted by browsers, following our work. We describe usability experiments, which measure and prove the effectiveness of TrustBar's improved security and identification indicators. We derive general secure-usability principles from our experiments and experience with TrustBar.
BibTeX
@misc{eprint-2004-12127,
  title={Security and Identification Indicators for Browsers against Spoofing and Phishing Attacks},
  booktitle={IACR Eprint archive},
  keywords={applications / electronic commerce and payment},
  url={http://eprint.iacr.org/2004/155},
  note={ herzbea@cs.biu.ac.il 13394 received 4 Jul 2004, last revised 3 Sep 2006},
  author={Amir Herzberg and Ahmad Gbara},
  year=2004
}