ABSTRACT
In this paper, we aim to provide conceptual and empirical insights into the design of security indicators in web browsers. In examining why security indicators in web browsers fail to warn users about web fraud, we propose affordance-based principles for our new design of web authentication indicators. Following these principles, we present a new design for the Extended Validation (EV) certificate interface in the Firefox browser. We then conduct an exploratory qualitative study to evaluate three different versions of EV indicators. Our findings offer some preliminary implications for the design of more effective web authentication indicators.
Index Terms
- Informing security indicator design in web browsers