Building Website Certificate Mental Models

Expert security users make safer online decisions. However, average users do not have mental models for browser security and web certificates. Thus, they may make unsafe decisions online, putting their sensitive information at risk. Users can learn about browser security, and their mental models can be developed using information visualization. We introduce an interactive interface designed to build mental models of web certificates for the average user through visualization and interaction. This model was implemented to facilitate learning with a Mental Model Builder (MMB). The interface underwent a cognitive walkthrough usability inspection to evaluate the learnability and efficacy of the program. We found that there were unique and useful elements to our visualization of browser certificates. Thus, a second-generation interface was created and user-tested. Results show that it was successful in building mental models, and users made safer decisions about trusting websites.
