This item is only available for download by members of the University of Illinois community. Students, faculty, and staff at the U of I may log in with your NetID and password to view the item. If you are trying to access an Illinois-restricted dissertation or thesis, you can request a copy through your library's Inter-Library Loan office or purchase a copy directly from ProQuest.
Permalink
https://hdl.handle.net/2142/99988
Description
Title
Tracking changes in browser security indicators
Author(s)
Dickinson, Joseph
Contributor(s)
Bailey, Michael
Issue Date
2018-05
Keyword(s)
browser security
browser security indicators
enscripting browser data
HTTP vs HTTPS protocols
Abstract
Over the last several years, Hypertext Transfer Protocol Secure (HTTPS)
has played an increasingly important role in protecting internet users from
malicious actors. By encrypting the traffi c sent between the client (browser)
and the web server, HTTPS prevents man-in-the-middle (MITM) attacks by
ensuring both the privacy and integrity of data sent over the web. Protecting
a user, however, requires that the user knows when their data is being encrypted and (more importantly) when it is not. As an example, unencrypted
HTTP traffi c is regularly intercepted, inspected, and injected by ISPs, which
at best violates user privacy, and at worst, can download malware onto user
computers.
In this thesis, we look at how browser developers have changed the ways in
which they signal to users that a webpage is being served over HTTP versus
HTTPS. Using the commercially available product Cross Browser Testing, we
collected nearly 3000 unique screenshots that illustrate exactly what the user
sees when visiting an otherwise identical page on HTTP versus HTTPS. By
feature coding each of the screenshots, we systematically identify the efforts
taken by different browser developers over time to alert the user of which
protocol is being used. Specifcally, we look at the creation and changes to
many security indicators such as the lock icon, additional coloring in the
URL bar, words in the URL bar such as Secure, and a few others. This work
provides a foundation for subsequent examination of how different browser
indicator schemes
influence the security posture of end users.
Use this login method if you
don't
have an
@illinois.edu
email address.
(Oops, I do have one)
IDEALS migrated to a new platform on June 23, 2022. If you created
your account prior to this date, you will have to reset your password
using the forgot-password link below.
