Studies in Socio-Technical Security Analysis: Authentication of Identities with TLS Certificates

Ferreira, Ana; Giustolisi, Rosario; Huynen, Jean-Louis; Koenig, Vincent; Lenzini, Gabriele

doi:10.1109/TrustCom.2013.190

Download

Paper published in a journal (Scientific congresses, symposiums and conference proceedings)

Studies in Socio-Technical Security Analysis: Authentication of Identities with TLS Certificates

Ferreira, Ana; Giustolisi, Rosario; Huynen, Jean-Louis et al.

2013 • In IEEE TrustCom

Peer reviewed

Permalink
https://hdl.handle.net/10993/9903

DOI
10.1109/TrustCom.2013.190

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

STSAofTLS.pdf

Author preprint (466.9 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Socio-Technical Security; Ceremony Analysis; Human Computer Interaction

Abstract :

[en] Authenticating web identities with TLS certificates is a typical problem whose security depends on both technical and human aspects, and that needs, to be fully grasped, a socio-technical analysis. We performed such an analysis, and in this paper we comment on the tools and methodology we found appropriate. We first analysed the interaction ceremonies between users and the most used browsers in the market. Then we looked at user's understanding of those interactions. Our tools and our methodology depend on whether the user model has a non-deterministic or a realistic behaviour. We successfully applied formal methods in the first case. In the second, we had to define a security framework consistent with research methods of experimental cognitive science.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust - SnT

Disciplines :

Computer science

Author, co-author :

Ferreira, Ana ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Giustolisi, Rosario ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Huynen, Jean-Louis ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Koenig, Vincent ; University of Luxembourg > Faculty of Language and Literature, Humanities, Arts and Education (FLSHASE) > Educational Measurement and Applied Cognitive Science (EMACS)

Lenzini, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Language :

English

Title :

Studies in Socio-Technical Security Analysis: Authentication of Identities with TLS Certificates

Publication date :

2013

Event name :

The 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-13)

Event place :

Melbourne, Australia

Event date :

from 16-07-2013 to 18-07-2013

Audience :

International

Journal title :

IEEE TrustCom

Publisher :

IEEE Computer Society

Peer reviewed :

Peer reviewed

Name of the research project :

I2R-APS-PFN-11STAS

Funders :

FNR - Fonds National de la Recherche [LU]

Available on ORBilu :

since 05 November 2013

Statistics

Number of views

184 (32 by Unilu)

Number of downloads

281 (13 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

WoS citations^™