Studies in Socio-Technical Security Analysis: Authentication of Identities with TLS Certificates

Interdisciplinary Research Group in Socio-technical Cybersecurity

Studies in Socio-Technical Security Analysis: Authentication of Identities with TLS Certificates

Ana Ferreira, Rosario Giustolisi, Jean-Louis Huynen, Vincent Koenig, Gabriele Lenzini
Abstract:
Authenticating web identities with TLS certificates is a typical problem whose security depends on both technical and human aspects, and that needs, to be fully grasped, a socio-technical analysis. We performed such an analysis, and in this paper we comment on the tools and methodology we found appropriate. We first analysed the interaction ceremonies between users and the most used browsers in the market. Then we looked at user's understanding of those interactions. Our tools and our methodology depend on whether the user model has a non-deterministic or a realistic behaviour. We successfully applied formal methods in the first case. In the second, we had to define a security framework consistent with research methods of experimental cognitive science.
Authors:
Ana Ferreira, Rosario Giustolisi, Jean-Louis Huynen, Vincent Koenig, Gabriele Lenzini
Publication date:
2013
Published in:
IEEE TrustCom
Reference:
A. Ferreira, R. Giustolisi, J. Huynen, V. Koenig and G. Lenzini, "Studies in Socio-technical Security Analysis: Authentication of Identities with TLS Certificates," 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Melbourne, VIC, 2013, pp. 1553-1558.

Get in touch with us

SnT – Interdisciplinary Centre for Security, Reliability and Trust
29, Avenue J.F Kennedy L-1855 Luxembourg
info-irisc-lab@uni.lu