Will you trust this TLS certificate?

Ukrop, Martin; Kraus, Lydia; Matyáš, Václav; Wahsheh, Heider A.

doi:10.1145/3359789.3359800

Cited by 12 publications

(7 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All these codes were much less present in the redesigned documentation -supporting the decrease of perceived severity seen in the quantitative evaluation. As illustrated by the following quote, the content analysis also emphasizes that IT professionals want to see the precise details to pinpoint the error quickly (consistent with findings in the related work [31]). Inconsistency & Incorrectness.…”

Section: Rq1: Perceived Obstaclessupporting

confidence: 65%

“…A similar study on the effects of redesigned documentation was performed in 2019 by Ukrop et al [31]. 75 attendees of an industrial conference interacted with certificate validation error messages and documentation in either original or redesigned version, focusing on the perceived trust in differently flawed certificates.…”

Section: Attempting a Changementioning

confidence: 95%

“…Collecting basic demographics (gender, student status, IT education, employment) and previous experience (IT security, X.509, OpenSSL). The redesigned documentation for the errors was created based on the recommendations for error messages listed in Section 2.3, much inspired by the documentation by Ukrop et al [31] and consulted between a developer and a security researcher. The final design consists of the following parts (the full documentation available in Appendix B):…”

Section: Original and Redesigned Documentationmentioning

confidence: 99%

“…We aim to test the real-world applicability of more usable certificate validation documentation, redesigned following existing guidelines. The closest to our setup is a study by Ukrop et al [31] demonstrating that just adjusting the existing command line interface (CLI) error messages and the corresponding documentation can significantly positively affect the developer experience.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Assessing Real-World Applicability of Redesigned Developer Documentation for Certificate Validation Errors

Ukrop

Balážová

Žáčik

et al. 2022

Proceedings of the 2022 European Symposium on Usable Security

Self Cite

View full text Add to dashboard Cite

We face certificate validation errors commonly, yet the related tools and documentation had been shown to have very poor usability. Previous research suggests that just improving the error messages and corresponding documentation can have significantly positive effects. Our work aims at increasing the usability of certificate validation by 1) redesigning the API error messages and the corresponding documentation, and 2) validating the real-world applicability of the redesign by investigating the opinions of 180 IT professionals. We focus on the perceived obstacles, desired ideal form and overall satisfaction. The redesigned documentation exhibits a reliable significant decrease in perceived incompleteness, with a small amount of perceived bloat and tangle. The redesigned documentation, now published on a dedicated website, is preferred by 89% of our study participants. CCS CONCEPTS• Security and privacy → Usability in security and privacy; • Software and its engineering → Documentation; • General and reference → Validation.

show abstract

Section: Rq1: Perceived Obstaclessupporting

confidence: 65%

Section: Attempting a Changementioning

confidence: 95%

Section: Original and Redesigned Documentationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Assessing Real-World Applicability of Redesigned Developer Documentation for Certificate Validation Errors

Ukrop

Balážová

Žáčik

et al. 2022

Proceedings of the 2022 European Symposium on Usable Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…All apps [64][65][66][67][68][69][70][71][72][73] can work in closed/controlled environments, except [64] which can work also in an open environment when using a digital signature or checking URLs. Users should be aware of the potential threats when using digital signature certificates such as expired certificates, self-signed certificates, hostname mismatch, and chain of certificates issues [74,75].…”

Section: Discussionmentioning

confidence: 99%

Secure Real-Time Artificial Intelligence System against Malicious QR Code Links

Al-Zahrani

Wahsheh

Alsaade

2021

Security and Communication Networks

View full text Add to dashboard Cite

Recently, hackers intend to reproduce malicious links utilizing several ways to mislead users. They try to control victims’ machines or get their data remotely by gaining access to private information they use via cyberspace. QR codes are two-dimensional barcodes with the capacity to encode various data types and can be viewed by digital devices, such as smartphones. However, there is no approved protocol in QR code generation; therefore, QR codes might be exposed to several questionable attacks. QR code attacks might be perpetrated using barcodes, and there are some security countermeasures. Some of these solutions are restricted to malicious link detection techniques with knowledge of cryptographic methods. Therefore, this study aims to detect malicious links embedded in 1D (linear) and 2D (QR) codes. A cybercrime attack was proposed based on barcode counterfeiting that can be used to perform online attacks. A dataset of 100000 malicious and benign URLs was created via several resources, and their lexical features were obtained. Analyses were conducted to illustrate how different features and users deal with online barcode content. Several artificial intelligence models were implemented. A decision tree classifier was identified as the most suitable model for identifying malicious URLs. Our outcomes suggested that a secure artificial intelligence barcode scanner (BarAI) is recommended to detect malicious barcode links with an accuracy of 90.243%.

show abstract

Lightweight Cryptographic and Artificial Intelligence Models for Anti-smishing

Wahsheh

Al-Zahrani

2021

Proceedings of International Conference on Emerging Technologies and Intelligent Systems

View full text Add to dashboard Cite

The utilization of Short Message Service (SMS) in smartphones has expanded quickly during recent years. As text informing is the most prudent choice accessible to arrive at masses, it is broadly utilized for offering buy focal points and as a promoting medium. Roughly billions of instant SMSs are sent each hour worldwide, so the expanding utilization of these messages makes it profoundly suitable for assailants. Over 90% of SMS messages are opened within a few seconds, which shows SMS's importance, making it the focus of cyber-attacks. Smishing is one of the cybercrime types that combine SMS and phishing in which trespassers send SMS containing suspicious links and content to the victims. Usually, smishing directs users to harmful websites to silently download malware or show interfaces like legitimate sites to attract users to fill in their sensitive information, i.e., passwords. This study proposes two automated models for detecting smishing by employing Lightweight cryptographic and artificial intelligence (AI) techniques. For the first model, and since there is no official validation stage in SMS construction, we developed our first contribution using a lightweight cryptographic SMS model to protect SMS and detect possible phishing or fake content. We select the standard, popular signature schemes, and evaluating the performance according to time and signature size overhead. The results showed the proposed model's effectiveness to guarantee the main security goals, authentication, integrity, and non-repudiation. Our second model deals with legacy SMS, which doesn't follow the validation stage, so we collected the SMS dataset for an AI model and manually labeled their classes as phishing or legitimate according to their link content. We preprocessed the SMS dataset to extract the link-based distinguishing features, and we applied feature selection techniques to obtain the best performance. We experimented with two artificial intelligence classifiers and

show abstract

Will you trust this TLS certificate?

Cited by 12 publications

References 28 publications

Assessing Real-World Applicability of Redesigned Developer Documentation for Certificate Validation Errors

Assessing Real-World Applicability of Redesigned Developer Documentation for Certificate Validation Errors

Secure Real-Time Artificial Intelligence System against Malicious QR Code Links

Lightweight Cryptographic and Artificial Intelligence Models for Anti-smishing

Contact Info

Product

Resources

About