When browsers report TLS errors, they cannot distinguish between attacks and harmless server misconfigurations; hence they leave it to the user to decide whether continuing is safe. However, actual attacks remain rare. As a result, users quickly become used to "false positives" that deplete their attention span, making it unlikely that they will pay sufficient scrutiny when a real attack comes along. Consequently, browser vendors should aim to minimize the number of low-risk warnings they report. To guide that process, we perform a large-scale measurement study of common TLS warnings. Using a set of passive network monitors located at different sites, we identify the prevalence of warnings for a total population of about 300,000 users over a nine-month period. We identify low-risk scenarios that consume a large chunk of the user attention budget and make concrete recommendations to browser vendors that will help maintain user attention in high-risk situations. We study the impact on end users with a data set much larger in scale than the data sets used in previous TLS measurement studies. A key novelty of our approach involves the use of internal browser code instead of generic TLS libraries for analysis, providing more accurate and representative results.