Computer security protocols usually terminate in a computer; however, the human-based services which they support usually terminate in a human. The gap between the human and the computer creates potential for security problems. We examine this gap, as it is manifested in secure Web servers. Felten et al. demonstrated the potential, in 1996, for malicious servers to impersonate honest servers. In this paper, we show how malicious servers can still do this, and can also forge the existence of an SSL session and the contents of the alleged server certificate. We then consider how to systematically defend against Web spoofing, by creating a trusted path from the browser to the human user. We present potential designs, propose a new one, prototype it in open-source Mozilla, and demonstrate its effectiveness via user studies.