Title :
Studies in Socio-technical Security Analysis: Authentication of Identities with TLS Certificates
Author :
Ferreira, Andre ; Giustolisi, Rosario ; Huynen, Jean-Louis ; Koenig, Vincent ; Lenzini, Gabriele
Author_Institution :
Interdiscipl. Centre for Security, Univ. of Luxembourg, Luxembourg, Luxembourg
Abstract :
Authenticating web identities with TLS certificates is a typical problem whose security depends on both technical and human aspects, and that needs, to be fully grasped, a socio-technical analysis. We performed such an analysis, and in this paper we comment on the tools and methodology we found appropriate. We first analysed the interaction ceremonies between users and the most used browsers in the market. Then we looked at user´s understanding of those interactions. Our tools and our methodology depend on whether the user model has a non-deterministic or a realistic behaviour. We successfully applied formal methods in the first case. In the second, we had to define a security framework consistent with research methods of experimental cognitive science.
Keywords :
Internet; security of data; social aspects of automation; TLS certificates; Web identities authentication; cognitive science; formal methods; security framework; socio technical security analysis; Browsers; Computational modeling; Computers; Context; Security; Servers; Unified modeling language; Ceremony Analysis; Human Computer Interaction; Socio-Technical Security;
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on
Conference_Location :
Melbourne, VIC
DOI :
10.1109/TrustCom.2013.190
