Publication details
Usability Insights from Establishing TLS Connections
Authors | |
---|---|
Year of publication | 2022 |
Type | Article in Proceedings |
Conference | IFIP International Conference on ICT Systems Security and Privacy Protection |
MU Faculty or unit | |
Citation | |
Web | |
Doi | http://dx.doi.org/10.1007/978-3-031-06975-8_17 |
Keywords | API usability; TLS; User satisfaction; Usable security |
Attached files | |
Description | TLS is crucial to network security, but TLS-related APIs have been repeatedly shown to be misused. While existing usable security research focuses on cryptographic primitives, the specifics of TLS interfaces seem to be under-researched. We thus set out to investigate the usability of TLS-related APIs in multiple libraries with a focus on identifying the specifics of TLS. We conducted a three-fold exploratory study with altogether 60 graduate students comparing the APIs of three popular security libraries in establishing TLS connections: OpenSSL, GnuTLS, and mbed TLS. We qualitatively analyzed submitted reports commenting on API usability and tested created source code. User satisfaction emerged as an interesting, potentially under-researched theme as all APIs received both positive and negative reviews. Abstraction level, error handling, entity naming, and documentation emerged as the most salient usability themes. Regarding functionality, checking for revoked certificates was especially complicated and other basic security checks seemed not easy as well. In summary, although there were conflicting opinions on both the interface and documentation of the libraries, several usability issues were shared among participants, forming a target for closer inspection and subsequent improvement. |
Related projects: |