Existing Web browsers handle security errors in a manner that often confuses users. In particular, when a user visits a secure site whose certificate the browser cannot verify, the browser typically allows the user to view and install the certificate and connect to the site despite the verification failure. However, few users understand the risk of man-in-the-middle attacks and the principles behind certificate-based authentication. We propose context-sensitive certificate verification (CSCV), whereby the browser interrogates the user about the context in which a certificate verification error occurs. Considering the context, the browser then guides the user in handling and possibly overcoming the security error. We also propose specific password warnings (SPW) when users are about to send passwords in a form vulnerable to eavesdropping. We performed user studies to evaluate CSCV and SPW. Our results suggest that CSCV and SPW can greatly improve Web browsing security and are easy to use even without training. Moreover, CSCV had greater impact than did staged security training.