Title | Analyzing the Browser Security Warnings on HTTPS Errors |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Wang, Congli, Lin, Jingqiang, Li, Bingyu, Li, Qi, Wang, Qiongxiao, Zhang, Xiaokun |
Conference Name | ICC 2019 - 2019 IEEE International Conference on Communications (ICC) |
Date Published | May |
Keywords | browser behaviors, browser defects, browser security warnings, certificate verification, certification, common HTTPS errors, composability, compositionality, cryptographic algorithm, cryptography, data confidentiality, data privacy, encoding, Error analysis, error correction codes, HPKP, HSTS, Human Behavior, human factors, Internet, Metrics, name validation, online front-ends, Phase change materials, Programming, pubcrawl, reliability, resilience, Resiliency, Resistance, secure connections, secure Web applications, telecommunication security, valid certificate chain, Web Browser Security |
Abstract | HTTPS provides authentication, data confidentiality, and integrity for secure web applications in the Internet. In order to establish secure connections with the target website but not a man-in-the-middle or impersonation attacker, a browser shows security warnings to users, when different HTTPS errors happen (e.g., it fails to build a valid certificate chain, or the certificate subject does not match the domain visited). Each browser implements its own design of warnings on HTTPS errors, to balance security and usability. This paper presents a list of common HTTPS errors, and we investigate the browser behaviors on each error. Our study discloses browser defects on handling HTTPS errors in terms of cryptographic algorithm, certificate verification, name validation, HPKP, and HSTS. |
DOI | 10.1109/ICC.2019.8761629 |
Citation Key | wang_analyzing_2019 |