Exploring Website Location as a Security Indicator

Authors: Der-Yeuan Yu, Elizabeth Stobert, David Basin, and Srdjan Čapkun

Proceedings of the NDSS Workshop on Usable Security (USEC), Internet Society, San Diego, USA, 2018

Abstract

Authenticating websites is an ongoing problem for users. Recent proposals have suggested strengthening current server authentication methods by incorporating website location as a comprehensible additional trust factor. In this work, we explore users’ acceptance of location information and how it affects decision-making for security and privacy. We conducted a series of qualitative interviews to learn how location can be integrated into users’ decision-making for security, and we designed a security indicator to alert the user to changes in website locations. We evaluated our tool in a 44-participant user study and found that users were less likely to perform security-

sensitive tasks when alerted to location changes. Our results suggest that website location can be used as an effective indicator for users’ security assessments

People

Dr. Der-Yeuan Yu

Doctoral Student (2012 – 2017)

Zühlke, Zurich

Dr. Elizabeth Stobert

Post-doc (2015 – 2017)

Assistant Professor, Carleton University

Prof. Srdjan Čapkun

Group Leader

BibTex

@INPROCEEDINGS{yu2018exploring,
	isbn = {1-891562-53-3},
	doi = {10.14722/usec.2018.23012},
	year = {2018-02},
	booktitle = {Proceedings of the NDSS Workshop on Usable Security (USEC), Internet Society, San Diego, USA, 2018},
	type = {Conference Paper},
	author = {Yu, Der-Yeuan and Stobert, Elizabeth and Basin, David and Capkun, Srdjan},
	size = {13 p.},
	abstract = {Authenticating websites is an ongoing problem for users. Recent proposals have suggested strengthening current server authentication methods by incorporating website location as a comprehensible additional trust factor. In this work, we explore users’ acceptance of location information and how it affects decision-making for security and privacy. We conducted a series of qualitative interviews to learn how location can be integrated into users’ decision-making for security, and we designed a security indicator to alert the user to changes in website locations. We evaluated our tool in a 44-participant user study and found that users were less likely to perform security-sensitive tasks when alerted to location changes. Our results suggest that website location can be used as an effective indicator for users’ security assessments},
	language = {en},
	address = {Reston, VA},
	publisher = {Internet Society},
	title = {Exploring Website Location as a Security Indicator},
	Note = {NDSS Workshop on Usable Security (USEC) 2018; Conference Location: San Diego, CA, USA; Conference Date: February 18, 2018}
}

Research Collection: 20.500.11850/294045