Jun 10 2017

Conclusion and References

Published by

CONCLUSION

Our browser extension contributes to research by demonstrating an alternative user interface to display certificate information. It is targeted towards the typical user and does not rely on previous understanding of SSL certificates or web security. We conducted a user study in the form of a semi-structured interview to determine the effectiveness of the certificate interface. The results showed that the user could determine whether to trust a website based on our browser extension. Possible improvements to SSL certificate interfaces were also identified by the participants. The levels of certification can be made clear through adjustments to the indicator and by including missing information. Future work could focus on user education to familiarize people with certificates, Certificate Authorities and their role in web security. This would also aid users to trust Certificate Authorities.

REFERENCES

1. Sobey, J. Whalen, T. Biddle, R. Oorschot P. V. and Patrick A. “Browser Interfaces and Extended Validation SSL Certificates: An Empirical Study,” in Proc. of the ACM workshop on Cloud computing security, (2009).

2. Whitten A. and Tygar, J. D. “Why Johnny Can’t Encrypt: A Usability Case Study of PGP 5.0,” in In Proc. of the 8th USENIX Security Symposium, (1999).