Improving the Usability of Web Browser Security
Overview: Secure Web sites use HTTPS, which layers HTTP over SSL or its standard equivalent, TLS. Existing Web browsers handle security errors in a manner that often confuses users. In particular, when a user visits a secure site whose certificate the browser cannot verify, the browser typically allows the user to view and install the certificate and connect to the site despite the verification failure. However, few users understand the risk of man-in-the-middle attacks and the principles behind certificate-based authentication. This paper proposes Context-Sensitive Certificate Verification, whereby the browser interrogates the user about the context in which a certificate verification error occurs.

