Evolution of SSL/TLS Indicators and Warnings in Web Browsers [SPW 2019]
Authors: Lydia Kraus, Martin Ukrop, Vashek Matyas and Tobias Fiebig
Primary contact: Lydia Kraus <lydia.kraus@mail.muni.cz>
Conference: Security Protocols Workshop 2019
@InProceedings{2019-spw-kraus, Title = {Evolution of SSL/TLS Indicators and Warnings in Web Browsers}, Author = {Lydia Kraus and Martin Ukrop and Vashek Matyas and Tobias Fiebig}, BookTitle = {27th International Workshop on Security Protocols (SPW 2019)}, Year = {2020}, Publisher = {Springer International Publishing}, Pages = {267--280}, DOI = {10.1007/978-3-030-57043-9_25}, }
Abstract
The creation of the World Wide Web (WWW) in the early 1990’s finally made the Internet accessible to a wider part of the population. With this increase in users, security became more important. To address confidentiality and integrity requirements on the web, Netscape—by then a major web browser vendor—presented the Secure Socket Layer (SSL), later versions of which were renamed to Transport Layer Security (TLS). In turn, this necessitated the introduction of both security indicators in browsers to inform users about the TLS connection state and also of warnings to inform users about potential errors in the TLS connection to a website. Looking at the evolution of indicators and warnings, we find that the qualitative data on security indicators and warnings, i.e., screen shots of different browsers over time is inconsistent. Hence, in this paper we outline our methodology for collecting a comprehensive data set of web browser security indicators and warnings, which will enable researchers to better understand how security indicators and TLS warnings in web browsers evolved over time.
Further research
Based on the ideas presented in this paper, we started developing a tool for automatic collection of SSL/TLS warnings and errors in different browser. The tool under development can be found on the lab's GitHub profile.