Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
WWW
2005
ACM
2005
ACM
Hardening Web browsers against man-in-the-middle and eavesdropping attacks
Existing Web browsers handle security errors in a manner that often confuses users. In particular, when a user visits a secure site whose certificate the browser cannot verify, the browser typically allows the user to view and install the certificate and connect to the site despite the verification failure. However, few users understand the risk of man-in-the-middle attacks and the principles behind certificate-based authentication. We propose context-sensitive certificate verification (CSCV), whereby the browser interrogates the user about the context in which a certificate verification error occurs. Considering the context, the browser then guides the user in handling and possibly overcoming the security error. We also propose specific password warnings (SPW) when users are about to send passwords in a form vulnerable to eavesdropping. We performed user studies to evaluate CSCV and SPW. Our results suggest that CSCV and SPW can greatly improve Web browsing security and are easy to u...
Real-time TrafficBrowsers Handle Security | Certificate Verification Error | Context-sensitive Certificate Verification | Internet Technology | WWW 2005 |
| Added | 22 Nov 2009 |
| Updated | 22 Nov 2009 |
| Type | Conference |
| Year | 2005 |
| Where | WWW |
| Authors | José Carlos Brustoloni, Xia Brustoloni |
Comments (0)
Researcher Info
|
