Gassmann, Maël; Laube, Annett (29 September 2023). Verifiable Labels for Digital Services: A Practical Approach In: DIGITAL 2023, Advances on Societal Digital Transformation (pp. 8-12). Wilmington, DE, USA: International Academy, Research, and Industry Association (IARIA)
|
Text
digital_2023_1_20_20012.pdf - Published Version Available under License Publisher holds Copyright. Download (844kB) | Preview |
Users often feel unsafe and unsecure when they use digital services. For normal users without technical backgrounds, it is difficult to recognize if a website is genuine. This makes them vulnerable to phishing attacks. In order to solve this issue, many organizations use corporate designs or logos to guide users through their websites. However, all this can be easily copied. More technical means are also advertised as solutions, like trusted Transport Layer Security (TLS) certificates or Extended Validation (EV) certificates, but they are too complicated for non-technical users and barely make any difference. Right now, users lack a way to easily verify that they are using the intended digital service. A pure visual indication, e.g., with simple graphic files or technical means users don’t understand, is not sufficient. Using the TLS Public Key Infrastructure (PKI), verifiable labels will use these certificates to bind an entity’s label to the certificate’s key pair. Instead of trying to provide automated trust, verifiable labels acknowledge the presence of ill-intentioned entities. In order to differentiate them from trustworthy actors, cryptography is used to define facts, which allows a user client to form easily understandable recommendations and analyze a certain actor’s reputation. Thus, allowing users to naturally develop an opinion and make an educated guess as to whether an entity is worthy of their trust or not. The end goal would be that most business websites that ask for some level of trust would use verifiable labels; this way, websites with bad or no labels would start to stand out.
Item Type: |
Conference or Workshop Item (Paper) |
|---|---|
Division/Institute: |
School of Engineering and Computer Science > Institute for Data Applications and Security (IDAS) School of Engineering and Computer Science > Institute for Data Applications and Security (IDAS) > IDAS / Identity and Access Management (IAM) School of Engineering and Computer Science |
Name: |
Gassmann, Maël and Laube, Annett |
Subjects: |
Q Science > QA Mathematics > QA76 Computer software T Technology > T Technology (General) |
ISBN: |
978-1-68558-115-2 |
Publisher: |
International Academy, Research, and Industry Association (IARIA) |
Language: |
English |
Submitter: |
Annett Laube |
Date Deposited: |
19 Feb 2024 15:14 |
Last Modified: |
19 Feb 2024 15:18 |
Related URLs: |
|
Additional Information: |
Die Erlaubnis, diese Datei im ARBOR-Repository zu veröffentlichen, wurde eingeholt |
Uncontrolled Keywords: |
Trust; Anti-Phishing; Digital Label |
ARBOR DOI: |
10.24451/arbor.21265 |
URI: |
https://arbor.bfh.ch/id/eprint/21265 |
Actions (login required)
 |
View Item |