Publication details

Usability Insights from Establishing TLS Connections

Investor logo
Authors

KRAUS Lydia GRABOVSKÝ Matěj UKROP Martin GALANSKÁ Katarína MATYÁŠ Václav

Year of publication 2022
Type Article in Proceedings
Conference IFIP International Conference on ICT Systems Security and Privacy Protection
MU Faculty or unit

Faculty of Informatics

Citation
Web
Doi http://dx.doi.org/10.1007/978-3-031-06975-8_17
Keywords API usability; TLS; User satisfaction; Usable security
Attached files
Description TLS is crucial to network security, but TLS-related APIs have been repeatedly shown to be misused. While existing usable security research focuses on cryptographic primitives, the specifics of TLS interfaces seem to be under-researched. We thus set out to investigate the usability of TLS-related APIs in multiple libraries with a focus on identifying the specifics of TLS. We conducted a three-fold exploratory study with altogether 60 graduate students comparing the APIs of three popular security libraries in establishing TLS connections: OpenSSL, GnuTLS, and mbed TLS. We qualitatively analyzed submitted reports commenting on API usability and tested created source code. User satisfaction emerged as an interesting, potentially under-researched theme as all APIs received both positive and negative reviews. Abstraction level, error handling, entity naming, and documentation emerged as the most salient usability themes. Regarding functionality, checking for revoked certificates was especially complicated and other basic security checks seemed not easy as well. In summary, although there were conflicting opinions on both the interface and documentation of the libraries, several usability issues were shared among participants, forming a target for closer inspection and subsequent improvement.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.

More info