Usability Insights from Establishing TLS Connections [IFIP SEC 2022]

   Authors: Lydia Kraus, Matěj Grabovský, Martin Ukrop, Katarína Galanská, Vashek Matyas

 Primary contact: Lydia Kraus <lydia.kraus@mail.muni.cz>

 Conference: IFIP SEC 2022

   DOI: 10.1007/978-3-031-06975-8_17


@InProceedings{2022-ifipsec-kraus,
  Author = {Lydia Kraus and Matěj Grabovský and Martin Ukrop and Katarína Galanská and Vashek Matyas},
  Title = {Usability Insights from Establishing TLS Connections},
  Booktitle = {ICT Systems Security and Privacy Protection},
  Series = {IFIP Advances in Information and Communication Technology},
  Publisher = {Springer International Publishing},
  Year = {2022},
  Keywords = {usablesec},
}

Abstract

TLS is crucial to network security, but TLS-related APIs have been repeatedly shown to be misused. While existing usable security research focuses on cryptographic primitives, the specifics of TLS interfaces seem to be under-researched. We thus set out to investigate the usability of TLS-related APIs in multiple libraries with a focus on identifying the specifics of TLS. We conducted a three-fold exploratory study with altogether 60 graduate students comparing the APIs of three popular security libraries in establishing TLS connections: OpenSSL, GnuTLS, and mbed TLS. We qualitatively analyzed submitted reports commenting on API usability and tested created source code. User satisfaction emerged as an interesting, potentially under-researched theme as all APIs received both positive and negative reviews. Abstraction level, error handling, entity naming, and documentation emerged as the most salient usability themes. Regarding functionality, checking for revoked certificates was especially complicated and other basic security checks seemed not easy as well. In summary, although there were conflicting opinions on both the interface and documentation of the libraries, several usability issues were shared among participants, forming a target for closer inspection and subsequent improvement.

Research artifacts contain the inspirational questionnaire provided to students while they were writing their usability reports.

Supplementary material (hosted here)