Stopping spyware at the gate

Good, Nathaniel; Dhamija, Rachna; Großklags, Jens; Thaw, David; Aronowitz, Steven; Mulligan, Deirdre K.; Konstan, Joseph A.

doi:10.1145/1073001.1073006

Cited by 86 publications

(16 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The major concern about using malformed or untrusted certificates when users are involved is that browsers allow users to continue the interaction even if the certificate cannot be validated. This behaviour is known as "click(ing) through" security [77]. The literature concludes that the majority of average users do not understand the warnings shown by browsers upon a handshake with a defective certificate and decide to access the service [78] since PKI is complex and hard to understand.…”

Section: A Current State Of Pki Certificatesmentioning

confidence: 99%

TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications

Díaz-Sánchez

Marin-Lopez

Almenárez

et al. 2019

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Transport Layer Security is becoming the de facto standard to provide end-to-end security in the current Internet. IoT and M2M scenarios are not an exception since TLS is also being adopted there. The ability of TLS for negotiating any security parameter, its flexibility and extensibility are responsible for its wide adoption but also for several attacks. Moreover, as it relies on Public Key Infrastructure (PKI) for authentication, it is also affected by PKI problems. Considering the advent of IoT/M2M scenarios and their particularities, it is necessary to have a closer look at TLS history to evaluate the potential challenges of using TLS and PKI in these scenarios. According to this, the article provides a deep revision of several security aspects of TLS and PKI, with a particular focus on current Certificate Pinning solutions in order to illustrate the potential problems that should be addressed.

show abstract

Section: A Current State Of Pki Certificatesmentioning

confidence: 99%

TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications

Díaz-Sánchez

Marin-Lopez

Almenárez

et al. 2019

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

show abstract

“…Furthermore, consumers spend only about one‐fifth of the estimated required reading time when they do read notices (Grossklags and Good 2007; Kay and Terry 2009). Shorter summaries of information or layered notices get mixed results (Good et al 2005; McDonald et al 2009; Proctor, Ali, and Vu 2008). Standardization may help consumers transfer learning and make comparisons (McDonald et al 2009); research on a standardized privacy “label” showed improvements in consumers finding and understanding information and easily comparing policies (Kelley et al 2009a, 2009b).…”

Section: Previous Researchmentioning

confidence: 99%

Designing Evidence‐based Disclosures: A Case Study of Financial Privacy Notices

Garrison¹,

Hastak

Hogarth³

et al. 2012

Journal of Consumer Affairs

View full text Add to dashboard Cite

Disclosure is a key component of consumer protection policy. By informing consumers about a product or service, disclosures can help consumers understand product features and shop among products and providers to find the combination of features and price that best meets their needs. For example, the Gramm-Leach-Bliley Act (GLBA, 15 U.S.C. 6801-6809) provides for disclosures of information-sharing practices of financial institutions and, in some cases, requires that these institutions offer consumers the opportunity to limit some of this sharing. Using these disclosures as a case study, this paper explores how research can help policymakers shift from a perspective of developing disclosures that are in technical compliance with the law to one of developing disclosures that consumers pay attention to, understand and use in their decision making.

show abstract

“…4) User should observe that site addresses that start with "https://" are secured sites. 5) There are security tips available online to secure PI data from spywares and other applications [8,19].…”

Section: User Awarenessmentioning

confidence: 99%

“…One way to define it is the right of a user to control information about himself/herself. There are cases showing concerns and problems in the current implementation of user privacy management, such as issues with ChoicePoint Inc. [10] and U.S. Federal Trade Commission's complaint against SpyBlast [8]. Data misuses could have been prevented to some extent by using data encryption and security techniques [1,2].…”

Section: Introductionmentioning

confidence: 99%

A Privacy Assessment Approach for Serviced Oriented Architecture Application

Doddapaneni

Murthy

2006

2006 Second IEEE International Symposium on Service-Oriented System Engineering (SOSE'06)

View full text Add to dashboard Cite

Web services are middle-tier technologies used to access backend applications to perform various operations. Their usage has significantly increased in ecommerce applications since their introduction. Because of their wide usage, security in web services has become an important point of interest for many. User data provided by users during their transactions with online web services can be stolen and illegally used. Thus web service providers have started to strengthen security. This can lead to lack of user privacy. Privacy has received relatively less attention during the growth of information technology. User privacy management needs to be both from the user side and from web application side. User awareness about information security is the factor for user side privacy management. On the application side, the web applications must be compliant to privacy policies. In this paper, an approach is designed and implemented for a Privacy Policy Checker engine that automatically verifies and certifies a web service application based on the levels of overall privacy principle compliance and privacy statement compliance.

show abstract

Stopping spyware at the gate

Cited by 86 publications

References 14 publications

TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications

TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications

Designing Evidence‐based Disclosures: A Case Study of Financial Privacy Notices

A Privacy Assessment Approach for Serviced Oriented Architecture Application

Contact Info

Product

Resources

About