Files in this item



application/pdfECE499-Sp2018-dickinson.pdf (280kB)Restricted to U of Illinois
(no description provided)PDF


Title:Tracking changes in browser security indicators
Author(s):Dickinson, Joseph
Contributor(s):Bailey, Michael
Subject(s):browser security
browser security indicators
enscripting browser data
HTTP vs HTTPS protocols
Abstract:Over the last several years, Hypertext Transfer Protocol Secure (HTTPS) has played an increasingly important role in protecting internet users from malicious actors. By encrypting the traffi c sent between the client (browser) and the web server, HTTPS prevents man-in-the-middle (MITM) attacks by ensuring both the privacy and integrity of data sent over the web. Protecting a user, however, requires that the user knows when their data is being encrypted and (more importantly) when it is not. As an example, unencrypted HTTP traffi c is regularly intercepted, inspected, and injected by ISPs, which at best violates user privacy, and at worst, can download malware onto user computers. In this thesis, we look at how browser developers have changed the ways in which they signal to users that a webpage is being served over HTTP versus HTTPS. Using the commercially available product Cross Browser Testing, we collected nearly 3000 unique screenshots that illustrate exactly what the user sees when visiting an otherwise identical page on HTTP versus HTTPS. By feature coding each of the screenshots, we systematically identify the efforts taken by different browser developers over time to alert the user of which protocol is being used. Specifcally, we look at the creation and changes to many security indicators such as the lock icon, additional coloring in the URL bar, words in the URL bar such as Secure, and a few others. This work provides a foundation for subsequent examination of how different browser indicator schemes influence the security posture of end users.
Issue Date:2018-05
Date Available in IDEALS:2018-05-23

This item appears in the following Collection(s)

Item Statistics