Measuring Identity Confusion with Uniform Resource Locators

Abstract

Uniform Resource Locators (URLs) unambiguously specify host identity on the web. URLs are syntactically complex, and although software can accurately parse identity from URLs, users are frequently exposed to URLs and expected to do the same. Unfortunately, incorrect assessment of identity from a URL can expose users to attacks, such as typosquatting and phishing. Our work studies how well users can correctly determine the host identity of real URLs from common services and obfuscated "look-alike" URLs. We observe that participants employ a wide range of URL parsing strategies, and can identify real URLs 93% of the time. However, only 40% of obfuscated URLs were identified correctly. These mistakes highlighted several ways in which URLs were confusing to users and why their existing URL parsing strategies fall short. We conclude with future research directions for reliably conveying website identity to users.

Keywords
Usable Security
URL
Phishing
Server Identity
Authentication
URL Readability
Authors
Joshua Reynolds
University of Illinois at Urbana-Champaign, Urbana, IL, USA
Deepak Kumar
University of Illinois at Urbana-Champaign, Champaign, IL, USA
Zane Ma
University of Illinois at Urbana-Champaign, Urbana, IL, USA
Rohan Subramanian
University of Illinois at Urbana-Champaign, Urbana, IL, USA
Meishan Wu
University of Illinois at Urbana-Champaign, Urbana, IL, USA
Martin Shelton
Google, Inc., San Francisco, CA, USA
Joshua Mason
University of Illinois at Urbana-Champaign, Urbana, IL, USA
Emily Stark
Google, Inc., Mountain View, CA, USA
Michael Bailey
University of Illinois at Urbana-Champaign, Champaign, IL, USA
DOI

10.1145/3313831.3376298

Paper URL

https://doi.org/10.1145/3313831.3376298

Conference: CHI 2020

The ACM CHI Conference on Human Factors in Computing Systems (https://chi2020.acm.org/)

Session: Security awareness, training & practices

Paper session
313B O'AHU
5 presentations
2020-04-29 18:00:00
2020-04-29 19:15:00