Interdisciplinary Research Group in Socio-technical Cybersecurity
Studies in Socio-Technical Security Analysis: Authentication of Identities with TLS Certificates
Authenticating web identities with TLS certificates is a typical problem whose security depends on both technical and human aspects, and that needs, to be fully grasped, a socio-technical analysis. We performed such an analysis, and in this paper we comment on the tools and methodology we found appropriate. We first analysed the interaction ceremonies between users and the most used browsers in the market. Then we looked at user's understanding of those interactions. Our tools and our methodology depend on whether the user model has a non-deterministic or a realistic behaviour. We successfully applied formal methods in the first case. In the second, we had to define a security framework consistent with research methods of experimental cognitive science.
Ana Ferreira, Rosario Giustolisi, Jean-Louis Huynen, Vincent Koenig, Gabriele Lenzini
A. Ferreira, R. Giustolisi, J. Huynen, V. Koenig and G. Lenzini, "Studies in Socio-technical Security Analysis: Authentication of Identities with TLS Certificates," 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Melbourne, VIC, 2013, pp. 1553-1558.
Get in touch with us
SnT – Interdisciplinary Centre for Security, Reliability and Trust
Maison du Nombre, 6, avenue de la Fonte L-4364 Esch-sur-Alzette