Title:
An Empirical Evaluation of Security Indicators in Mobile Web Browsers
Authors
Amrutkar, Chaitrali
Traynor, Patrick
van Oorschot, Paul C.
Abstract
Mobile browsers are increasingly being relied upon to perform security-sensitive operations. Like their desktop counterparts, these applications can enable SSL/TLS to provide strong security guarantees for communications over the web. However, the drastic reduction in screen size and the accompanying reorganization of screen real estate significantly change the use and consistency of the security indicators and certificate information that alert users to site identity and the presence of strong cryptographic algorithms. In this paper, we perform the first measurement of the state of critical security indicators in mobile browsers. We evaluate nine mobile and two tablet browsers, representing over 90% of the market share, against the recommended guidelines for web user interface to convey security set forth by the World Wide Web Consortium (W3C). While desktop browsers follow the majority of guidelines, our analysis shows that mobile browsers fall significantly short. We also observe notable inconsistencies across mobile browsers when such mechanisms actually are implemented. We show where and how these failures on mobile browsers eliminate clues previously designed for, and still present in, desktop browsers to detect attacks such as phishing and man-in-the-middle. Finally, we offer advice on where current standards are unclear or incomplete.
Date Issued
2011
Resource Type
Text
Resource Subtype
Technical Report