Visible to the public Analyzing the Browser Security Warnings on HTTPS Errors

TitleAnalyzing the Browser Security Warnings on HTTPS Errors
Publication TypeConference Paper
Year of Publication2019
AuthorsWang, Congli, Lin, Jingqiang, Li, Bingyu, Li, Qi, Wang, Qiongxiao, Zhang, Xiaokun
Conference NameICC 2019 - 2019 IEEE International Conference on Communications (ICC)
Date Publishedmay
Keywordsbrowser behaviors, browser defects, browser security warnings, certificate verification, certification, common HTTPS errors, composability, compositionality, cryptographic algorithm, cryptography, data confidentiality, data privacy, encoding, Error analysis, error correction codes, HPKP, HSTS, Human Behavior, human factors, Internet, Metrics, name validation, online front-ends, Phase change materials, Programming, pubcrawl, reliability, resilience, Resiliency, Resistance, secure connections, secure Web applications, telecommunication security, valid certificate chain, Web Browser Security
AbstractHTTPS provides authentication, data confidentiality, and integrity for secure web applications in the Internet. In order to establish secure connections with the target website but not a man-in-the-middle or impersonation attacker, a browser shows security warnings to users, when different HTTPS errors happen (e.g., it fails to build a valid certificate chain, or the certificate subject does not match the domain visited). Each browser implements its own design of warnings on HTTPS errors, to balance security and usability. This paper presents a list of common HTTPS errors, and we investigate the browser behaviors on each error. Our study discloses browser defects on handling HTTPS errors in terms of cryptographic algorithm, certificate verification, name validation, HPKP, and HSTS.
Citation Keywang_analyzing_2019