How Much Network Security Must Be Visible in Web Browsers?

Hirsch, Tobias; Lo Iacono, Luigi; Wechsung, Ina

doi:10.1007/978-3-642-32287-7_1

Tobias Hirsch¹⁹,
Luigi Lo Iacono²⁰ &
Ina Wechsung¹⁹

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7449))

Included in the following conference series:

International Conference on Trust, Privacy and Security in Digital Business

1238 Accesses
2 Citations

Abstract

Visualizing security status information in web browsers has been a complex matter ever since. With novel security standards getting into wide spread use and entering the browser, this task becomes even more complex. This paper addresses this issue by analyzing the current state of the art in browser support for DNSSEC. As a result of this analysis, it is emphasized that the visual cues used for TLS and the ones for DNSSEC are not unambiguous and hence are more confusing than beneficial. An improvement is suggested, that relies on the idea of visualizing security services instead of security standard specifics. The paper contributes an icon set following this idea and presents evaluation results obtained by a user study.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 49.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Freier, A., Karlton, P., Kocher, P.: The Secure Sockets Layer (SSL) Protocol Version 3.0. RFC 6101, Internet Engineering Task Force (August 2011), http://www.rfc-editor.org/rfc/rfc6101.txt
Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246, Internet Engineering Task Force (August 2008), http://www.rfc-editor.org/rfc/rfc5246.txt
Sunshine, J., Egelman, S., Almuhimedi, H., Atri, N., Cranor, L.F.: Crying wolf: An empirical study of ssl warning effectiveness. In: Usenix Security (2009)
Google Scholar
Egelman, S., Cranor, L.F., Hong, J.: You’ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In: Proceedings of the Twenty-Sixth Annual SIGCHI Conference on Human Factors in Computing Systems, CHI 2008, pp. 1065–1074. ACM, New York (2008)
Chapter Google Scholar
Eastlake, D.: Domain Name System Security Extensions. RFC 2535, Internet Engineering Task Force (March 1999), http://www.rfc-editor.org/rfc/rfc2535.txt
Internet Society: What is the correct ”user experience” for DNSSEC in a web browser? Technical report (January 2012), http://www.internetsociety.org/deploy360/blog/2012/01/what-is-the-correct-user-experience-for-dnssec-in-a-web-browser/
Menezes, A.J., Vanstone, S.A., Van Oorschot, P.C.: Handbook of Applied Cryptography, 1st edn. CRC Press, Inc. (1996)
Google Scholar
Mockapetris, P.: Domain names - concepts and facilities. RFC 1034, Internet Engineering Task Force (November 1987), http://www.rfc-editor.org/rfc/rfc1034.txt
Mockapetris, P.: Domain names - implementation and specification. RFC 1035, Internet Engineering Task Force (November 1987), http://www.rfc-editor.org/rfc/rfc1035.txt
Kaminsky, D.: It’s the end of the cache as we know it. In: Black Ops. (2008)
Google Scholar
Lexis, P.: Implementing a DANE validator. Technical report, University of Amsterdam (February 2012), http://staff.science.uva.nl/~delaat/rp/2011-2012/p29/report.pdf
Hoffman, P., Schlyter, J.: The DNS-Based Authentication of Named Entities (DANE) Protocol for Transport Layer Security (TLS). Internet-draft, Internet Engineering Task Force (February 2012), http://www.ietf.org/id/draft-ietf-dane-protocol-17.txt
Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., Wright, T.: Transport Layer Security (TLS) Extensions. RFC 4366, Internet Engineering Task Force (April 2006), http://www.rfc-editor.org/rfc/rfc4366.txt
Langley, A.: DNSSEC authenticated HTTPS in Chrome. Technical report (June 2011), http://www.imperialviolet.org/2011/06/16/dnssecchrome.html

Download references

Author information

Authors and Affiliations

T-Labs, TU Berlin, Berlin, Germany
Tobias Hirsch & Ina Wechsung
Cologne University of Applied Sciences, Cologne, Germany
Luigi Lo Iacono

Authors

Tobias Hirsch
View author publications
You can also search for this author in PubMed Google Scholar
Luigi Lo Iacono
View author publications
You can also search for this author in PubMed Google Scholar
Ina Wechsung
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Science, Karlstad University, Universitetsgatan 2, 65188, Karlstad, Sweden
Simone Fischer-Hübner
Department of Digital Systems, University of Piraeus, 80 Karaoli and Dimitriou Str, 18532, Piraeus, Greece
Sokratis Katsikas
Department of IT, Engineering and Environment, University of South Australia, Mawson Lakes Campus, 5001, Adelaide, SA, Australia
Gerald Quirchmayr

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Hirsch, T., Lo Iacono, L., Wechsung, I. (2012). How Much Network Security Must Be Visible in Web Browsers?. In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2012. Lecture Notes in Computer Science, vol 7449. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32287-7_1

Download citation

DOI: https://doi.org/10.1007/978-3-642-32287-7_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32286-0
Online ISBN: 978-3-642-32287-7
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics