Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
The Emperor's New Security Indicators
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
An analysis of browser domain-isolation bugs and a light-weight transparent defense mechanism
Proceedings of the 14th ACM conference on Computer and communications security
Dynamic pharming attacks and locked same-origin policies for web browsers
Proceedings of the 14th ACM conference on Computer and communications security
Forcehttps: protecting high-security web sites from network attacks
Proceedings of the 17th international conference on World Wide Web
A framework for reasoning about the human in the loop
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
An evaluation of extended validation and picture-in-picture phishing attacks
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Crying wolf: an empirical study of SSL warning effectiveness
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Cookie-proxy: a scheme to prevent SSLStrip attack
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Hi-index | 0.00 |
We propose a new, simple and effective domain segmentation approach to sustain SSL protection which is usually compromised when users are expected to perform legitimacy judgment. It has been established that using security warnings and indicators is a serious operational flaw of SSL. As a security-critical system, SSL should never rely on users' judgment as the ultimate defense because adversaries that exploit users' ignorance and illiteracy are sufficient to break the most secure system. The proposal simply requires a service provider to opt-in by hosting its service in a special subdomain "secure". The enhanced protection will then be automatically in force. In this paper, we consider three severe and characteristic attack models, namely dynamic pharming, deceptive captive portal and SSLStrip attacks, and we show that there is no single defeating solution except SSLock. We have conducted deployability analysis which further justifies the proposal in terms of its high compatibility rate. SSLock is the only approach that is generic and light-weight for application vendors, opt-in and zero-initialization for service providers, and privacy-preserving and idiot-proof for generic users.