Annual Computer Security Applications Conference 2011 Technical Track Papers


An Empirical Study of Visual Security Cues to Prevent the SSLstripping Attack

One of the latest attacks on Secure Sockets Layer (SSL), called the SSLstripping attack, was reported at the Black Hat conference in 2009. As a type of man-in-the-middle (MITM) attack, it has the potential to affect tens of millions of users of popular online social networking and financial websites protected by SSL. Interestingly, the attack exploits users' browsing habits, rather than a technical flaw in the protocol, to defeat SSL security. In this paper we present a novel approach to addressing this attack by using visually augmented security. Specifically, motivated by typical traffic lights, we introduce a set of visual cues aimed at thwarting the attack. The visual cues, called security status light (SSLight), can be used to help users make better, more informed decisions when their sensitive information needs to be submitted to websites. A user study was conducted to investigate the effectiveness of our scheme, and its results show that our approach is more promising than the traditional pop-up method adopted by major web browsers.

Author(s):

Dongwan Shin    
New Mexico Tech
United States

Rodrigo Lopes    
New Mexico Tech
United States

 
