874,745 research outputs found
"If HTTPS Were Secure, I Wouldn't Need 2FA" - End User and Administrator Mental Models of HTTPS
HTTPS is one of the most important protocols used
to secure communication and is, fortunately, becoming more
pervasive. However, especially the long tail of websites is still not
sufficiently secured. HTTPS involves different types of users, e.g.,
end users who are forced to make security decisions when faced
with warnings or administrators who are required to deal with
cryptographic fundamentals and complex decisions concerning
compatibility.
In this work, we present the first qualitative study of both
end user and administrator mental models of HTTPS. We interviewed 18 end users and 12 administrators; our findings reveal
misconceptions about security benefits and threat models from
both groups. We identify protocol components that interfere with
secure configurations and usage behavior and reveal differences
between administrator and end user mental models.
Our results suggest that end user mental models are more
conceptual while administrator models are more protocol-based.
We also found that end users often confuse encryption with
authentication, significantly underestimate the security benefits
of HTTPS. They also ignore and distrust security indicators
while administrators often do not understand the interplay of
functional protocol components. Based on the different mental
models, we discuss implications and provide actionable recommendations for future designs of user interfaces and protocols
OVERHEAD ANALYSIS OF HTTPS
Secure web access has a remarkable growth. Users would like to
exploit the advantages
of the Internet for online banking, for e-commerce or they simply would like
to protect
their information e.g. with using a secure web mailer. Https is a simple http traffic on
top of a security protocol (e.g. SSL, TLS) is used for serving this need. This paper gives
detailed analysis of https traffic to aid traffic dimensioning or traffic modelling and
even to assist investigation of traffic flow confidentiality
Verifiable Random Functions (VRFs)
A Verifiable Random Function (VRF) is the public-key version of a
keyed cryptographic hash. Only the holder of the private key can
compute the hash, but anyone with public key can verify the
correctness of the hash. VRFs are useful for preventing enumeration
of hash-based data structures. This document specifies several VRF
constructions that are secure in the cryptographic random oracle
model. One VRF uses RSA and the other VRF uses Eliptic Curves (EC).https://datatracker.ietf.org/doc/draft-irtf-cfrg-vrf/First author draf
- …