Scientific congresses, symposiums and conference proceedings : Paper published in a journal
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/9903
Studies in Socio-Technical Security Analysis: Authentication of Identities with TLS Certificates
English
Ferreira, Ana [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Giustolisi, Rosario [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Huynen, Jean-Louis [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Koenig, Vincent [University of Luxembourg > Faculty of Language and Literature, Humanities, Arts and Education (FLSHASE) > Educational Measurement and Applied Cognitive Science (EMACS)]
Lenzini, Gabriele [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
2013
IEEE TrustCom
IEEE Computer Society
Yes
International
The 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-13)
from 16-07-2013 to 18-07-2013
Melbourne
Australia
[en] Socio-Technical Security ; Ceremony Analysis ; Human Computer Interaction
[en] Authenticating web identities with TLS certificates is a typical problem whose security depends on both technical and human aspects, and that needs, to be fully grasped, a socio-technical analysis. We performed such an analysis, and in this paper we comment on the tools and methodology we found appropriate. We first analysed the interaction ceremonies between users and the most used browsers in the market. Then we looked at users' understanding of those interactions. Our tools and our methodology depend on whether the user model has a non-deterministic or a realistic behaviour. We successfully applied formal methods in the first case. In the second, we had to define a security framework consistent with research methods of experimental cognitive science.
Interdisciplinary Centre for Security, Reliability and Trust - SnT
Fonds National de la Recherche - FnR
Researchers

File(s) associated to this reference

Fulltext file(s):

File: STSAofTLS.pdf
Version: Author preprint
Size: 455.96 kB
Access: Open access


All documents in ORBilu are protected by a user license.