Title:
An Empirical Evaluation of Security Indicators in Mobile Web Browsers
An Empirical Evaluation of Security Indicators in Mobile Web Browsers
| dc.contributor.author | Amrutkar, Chaitrali | |
| dc.contributor.author | Traynor, Patrick | |
| dc.contributor.author | van Oorschot, Paul C. | |
| dc.contributor.corporatename | Georgia Institute of Technology. College of Computing | |
| dc.contributor.corporatename | Georgia Institute of Technology. School of Computer Science | |
| dc.contributor.corporatename | Georgia Tech Information Security Center | |
| dc.contributor.corporatename | Carleton University. School of Computer Science | |
| dc.date.accessioned | 2012-05-02T21:11:04Z | |
| dc.date.available | 2012-05-02T21:11:04Z | |
| dc.date.issued | 2011 | |
| dc.description | Research areas: Mobile Device Security, Web Browser Security | |
| dc.description.abstract | Mobile browsers are increasingly being relied upon to perform security sensitive operations. Like their desktop counterparts, these applications can enable SSL/TLS to provide strong security guarantees for communications over the web. However, the drastic reduction in screen size and the accompanying reorganization of screen real-estate significantly changes the use and consistency of the security indicators and certificate information that alert users of site identity and the presence of strong cryptographic algorithms. In this paper, we perform the first measurement of the state of critical security indicators in mobile browsers. We evaluate nine mobile and two tablet browsers, representing over 90% of the market share, against the recommended guidelines for web user interface to convey security set forth by the World Wide Web Consortium (W3C). While desktop browsers follow the majority of guidelines, our analysis shows that mobile browsers fall significantly short. We also observe notable inconsistencies across mobile browsers when such mechanisms actually are implemented. We show where and how these failures on mobile browsers eliminate clues previously designed for, and still present in, desktop browsers to detect attacks such as phishing and man-in-the-middle. Finally, we offer advice on where current standards are unclear or incomplete.¹ | en_US |
| dc.identifier.uri | http://hdl.handle.net/1853/43376 | |
| dc.language.iso | en_US | en_US |
| dc.publisher | Georgia Institute of Technology | en_US |
| dc.relation.ispartofseries | SCS Technical Report ; GT-CS-11-10 | en_US |
| dc.subject | Desktop web browsers | en_US |
| dc.subject | Display-related security | en_US |
| dc.subject | Information security | en_US |
| dc.subject | Mobile web browsers | en_US |
| dc.subject | Security policies | en_US |
| dc.subject | Webpages | en_US |
| dc.subject | Websites | en_US |
| dc.title | An Empirical Evaluation of Security Indicators in Mobile Web Browsers | en_US |
| dc.type | Text | |
| dc.type.genre | Technical Report | |
| dspace.entity.type | Publication | |
| local.contributor.corporatename | College of Computing | |
| local.contributor.corporatename | School of Computer Science | |
| local.relation.ispartofseries | College of Computing Technical Report Series | |
| local.relation.ispartofseries | School of Computer Science Technical Report Series | |
| relation.isOrgUnitOfPublication | c8892b3c-8db6-4b7b-a33a-1b67f7db2021 | |
| relation.isOrgUnitOfPublication | 6b42174a-e0e1-40e3-a581-47bed0470a1e | |
| relation.isSeriesOfPublication | 35c9e8fc-dd67-4201-b1d5-016381ef65b8 | |
| relation.isSeriesOfPublication | 26e8e5bc-dc81-469c-bd15-88e6f98f741d |
Files
Original bundle
1 - 1 of 1
- Name:
- GT-CS-11-10_final_tech_report.pdf
- Size:
- 584.4 KB
- Format:
- Adobe Portable Document Format
- Description:
License bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- license.txt
- Size:
- 1.76 KB
- Format:
- Item-specific license agreed upon to submission
- Description: