Evolution of SSL/TLS Indicators and Warnings in Web Browsers [SPW 2019]

Authors: Lydia Kraus, Martin Ukrop, Vashek Matyas and Tobias Fiebig

Primary contact: Lydia Kraus <lydia.kraus@mail.muni.cz>

Conference: Security Protocols Workshop 2019


@InProceedings{2019-spw-kraus,
  Title         = {Evolution of SSL/TLS Indicators and Warnings in Web Browsers},
  Author        = {Lydia Kraus and Martin Ukrop and Vashek Matyas and Tobias Fiebig},
  BookTitle     = {27th International Workshop on Security Protocols (SPW 2019)},
  Year          = {2019},
  Publisher     = {Forthcoming},
  crocsweb      = {https://crocs.fi.muni.cz/papers/spw2019},
  Keywords      = {usablesec},
}

Abstract

The creation of the World Wide Web (WWW) in the early 1990s finally made the Internet accessible to a wider part of the population. With this increase in users, security became more important. To address confidentiality and integrity requirements on the web, Netscape—by then a major web browser vendor—presented the Secure Socket Layer (SSL), later versions of which were renamed to Transport Layer Security (TLS). In turn, this necessitated the introduction of both security indicators in browsers to inform users about the TLS connection state and also of warnings to inform users about potential errors in the TLS connection to a website. Looking at the evolution of indicators and warnings, we find that the qualitative data on security indicators and warnings, i.e., screenshots of different browsers over time, is inconsistent. Hence, in this paper we outline our methodology for collecting a comprehensive data set of web browser security indicators and warnings, which will enable researchers to better understand how security indicators and TLS warnings in web browsers evolved over time.

Based on the ideas presented in this paper, we started developing a tool for automatic collection of SSL/TLS warnings and errors in different browsers. The tool under development can be found on the lab's GitHub profile.

TLS warning collector