Will You Trust This TLS Certificate? Perceptions of People
Working in IT

D 2019

Will You Trust This TLS Certificate? Perceptions of People Working in IT

UKROP, Martin, Lydia KRAUS, Václav MATYÁŠ a Heider Ahmad Mutleq WAHSHEH

Základní údaje

Originální název

Will You Trust This TLS Certificate? Perceptions of People Working in IT

Autoři

UKROP, Martin (703 Slovensko, garant, domácí), Lydia KRAUS (276 Německo, domácí), Václav MATYÁŠ (203 Česká republika, domácí) a Heider Ahmad Mutleq WAHSHEH (400 Jordánsko)

Vydání

New York, NY, USA, Proceedings of the 35rd Annual Computer Security Applications Conference, od s. 718-731, 14 s. 2019

Nakladatel

Association for Computing Machinery

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10201 Computer sciences, information science, bioinformatics

Stát vydavatele

Spojené státy

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

elektronická verze "online"

Odkazy

URL Will You Trust This TLS Certificate? Perceptions of People Working in IT

Kód RIV

RIV/00216224:14330/19:00111065

Organizační jednotka

Fakulta informatiky

ISBN

978-1-4503-7628-0

DOI

http://dx.doi.org/10.1145/3359789.3359800

UT WoS

000540643900055

Klíčová slova anglicky

warning design;documentation;TLS certificate;usable security

Štítky

best5, core_A, firank_A

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 15. 4. 2021 09:24, RNDr. Martin Ukrop, Ph.D.

Anotace

V originále

Flawed TLS certificates are not uncommon on the Internet. While they signal a potential issue, in most cases they have benign causes (e.g., misconfiguration or even deliberate deployment). This adds fuzziness to the decision on whether to trust a connection or not. Little is known about perceptions of flawed certificates by IT professionals, even though their decisions impact high numbers of end users. Moreover, it is unclear how much does the content of error messages and documentation influence these perceptions. To shed light on these issues, we observed 75 attendees of an industrial IT conference investigating, different certificate validation errors. Furthermore, we focused on the influence of re-worded error messages and redesigned documentation. We find that people working in IT have very nuanced opinions regarding the tested certificate flaws with trust decisions being far from binary. The self-signed and the name constrained certificates seem to be over-trusted (the latter also being poorly understood). We show that even small changes in existing error messages and documentation can positively influence resource use, comprehension, and trust assessment. Our conclusions can be directly used in practice by adopting the re-worded error messages and documentation.

Návaznosti

MUNI/A/1040/2018, interní kód MU

Název: Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity 19 (Akronym: SKOMU)

Investor: Masarykova univerzita, Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity 19, DO R. 2020_Kategorie A - Specifický výzkum - Studentské výzkumné projekty

Citovat

UKROP, Martin, Lydia KRAUS, Václav MATYÁŠ a Heider Ahmad Mutleq WAHSHEH. Will You Trust This TLS Certificate? Perceptions of People Working in IT. Online. In Proceedings of the 35rd Annual Computer Security Applications Conference. New York, NY, USA: Association for Computing Machinery, 2019, s. 718-731. ISBN 978-1-4503-7628-0. Dostupné z: https://dx.doi.org/10.1145/3359789.3359800.

@inproceedings{1573416,
   author = {Ukrop, Martin and Kraus, Lydia and Matyáš, Václav and Wahsheh, Heider Ahmad Mutleq},
   address = {New York, NY, USA},
   booktitle = {Proceedings of the 35rd Annual Computer Security Applications Conference},
   doi = {http://dx.doi.org/10.1145/3359789.3359800},
   keywords = {warning design;documentation;TLS certificate;usable security},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {New York, NY, USA},
   isbn = {978-1-4503-7628-0},
   pages = {718-731},
   publisher = {Association for Computing Machinery},
   title = {Will You Trust This TLS Certificate? Perceptions of People Working in IT},
   url = {http://dx.doi.org/10.1145/3359789.3359800},
   year = {2019}
}

TY  - JOUR
ID  - 1573416
AU  - Ukrop, Martin - Kraus, Lydia - Matyáš, Václav - Wahsheh, Heider Ahmad Mutleq
PY  - 2019
TI  - Will You Trust This TLS Certificate? Perceptions of People Working in IT
PB  - Association for Computing Machinery
CY  - New York, NY, USA
SN  - 9781450376280
KW  - warning design;documentation;TLS certificate;usable security
UR  - http://dx.doi.org/10.1145/3359789.3359800
N2  - Flawed TLS certificates are not uncommon on the Internet. While they signal a potential issue, in most cases they have benign causes (e.g., misconfiguration or even deliberate deployment). This adds fuzziness to the decision on whether to trust a connection or not. Little is known about perceptions of flawed certificates by IT professionals, even though their decisions impact high numbers of end users. Moreover, it is unclear how much does the content of error messages and documentation influence these perceptions. To shed light on these issues, we observed 75 attendees of an industrial IT conference investigating, different certificate validation errors. Furthermore, we focused on the influence of re-worded error messages and redesigned documentation. We find that people working in IT have very nuanced opinions regarding the tested certificate flaws with trust decisions being far from binary. The self-signed and the name constrained certificates seem to be over-trusted (the latter also being poorly understood). We show that even small changes in existing error messages and documentation can positively influence resource use, comprehension, and trust assessment. Our conclusions can be directly used in practice by adopting the re-worded error messages and documentation.
ER  -

UKROP, Martin, Lydia KRAUS, Václav MATYÁŠ a Heider Ahmad Mutleq WAHSHEH. Will You Trust This TLS Certificate? Perceptions of People Working in IT. Online. In \textit{Proceedings of the 35rd Annual Computer Security Applications Conference}. New York, NY, USA: Association for Computing Machinery, 2019, s.~718-731. ISBN~978-1-4503-7628-0. Dostupné z: https://dx.doi.org/10.1145/3359789.3359800.

Podrobný výpis o publikaci