All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Usability Insights from Establishing TLS Connections

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F22%3A00126574" target="_blank" >RIV/00216224:14330/22:00126574 - isvavai.cz</a>

  • Result on the web

    <a href="https://crocs.fi.muni.cz/public/papers/ifipsec2022" target="_blank" >https://crocs.fi.muni.cz/public/papers/ifipsec2022</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1007/978-3-031-06975-8_17" target="_blank" >10.1007/978-3-031-06975-8_17</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Usability Insights from Establishing TLS Connections

  • Original language description

    TLS is crucial to network security, but TLS-related APIs have been repeatedly shown to be misused. While existing usable security research focuses on cryptographic primitives, the specifics of TLS interfaces seem to be under-researched. We thus set out to investigate the usability of TLS-related APIs in multiple libraries with a focus on identifying the specifics of TLS. We conducted a three-fold exploratory study with altogether 60 graduate students comparing the APIs of three popular security libraries in establishing TLS connections: OpenSSL, GnuTLS, and mbed TLS. We qualitatively analyzed submitted reports commenting on API usability and tested created source code. User satisfaction emerged as an interesting, potentially under-researched theme as all APIs received both positive and negative reviews. Abstraction level, error handling, entity naming, and documentation emerged as the most salient usability themes. Regarding functionality, checking for revoked certificates was especially complicated and other basic security checks seemed not easy as well. In summary, although there were conflicting opinions on both the interface and documentation of the libraries, several usability issues were shared among participants, forming a target for closer inspection and subsequent improvement.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    50800 - Media and communications

Result continuities

  • Project

    <a href="/en/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Others

  • Publication year

    2022

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    IFIP International Conference on ICT Systems Security and Privacy Protection

  • ISBN

    9783031069741

  • ISSN

    1868-4238

  • e-ISSN

  • Number of pages

    17

  • Pages from-to

    289-305

  • Publisher name

    Springer Verlag

  • Place of publication

    Cham, Germany

  • Event location

    Copenhagen, Denmark

  • Event date

    Jan 1, 2022

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

    000894108100017

Similar results(10)

Why Johnny the Developer Can't Work with Public Key Certificates: An Experimental Study of OpenSSL UsabilityDesign and Generation of a Set of Declarative APIs for Security OrchestrationHeatDtN manual