Signaface: Face Generation for SSL/TLS Certificate Change Detection Restricted; Files Only

Abstract

Cybercriminals and nation-states have a history of targeting individuals by luring them onto legitimate-looking websites to compromise them. The protection of modern websites, SSL/TLS, relies on a cryptographic certificate typically consisting of hard-to-parse sequences of numbers. Users, therefore, often fail to notice a change in the certificate and are tricked into visiting rogue websites that appear legitimate. Browsers are often incapable of detecting such attacks, such as redirection to rogue servers via misspelled URLs. This paper proposes Signaface as a method to help users curb potential security risks by representing SSL certificates with computer-generated faces and relying on the human eyes’ familiarity with faces to detect SSL changes. Sig- naface inputs a website’s SSL certificate signature to a generative adversarial neural network (GAN), which produces a synthetic and unique human face. We developed Chrome and Firefox extensions that show a face ’mascot’ in the corner of each web page every time the user visits so that they can familiarize themselves with the face mascot. We hypothesize that when a familiar face changes, a sufficient number of users will notice and report the change, lowering the attackers’ benefit-to-cost ratio. To test our theory, we devised a gamified experiment to evaluate people’s ability to detect face changes. This experiment investigates the effectiveness of using synthetic face mascots to visualize the web’s security information and how these results vary depending on whether participants and faces are from the same demographic group. 

Table of Contents

Contents

Introduction 1 Background and Related Work 5 Extension Design 13 Experiment 19 Discussion 32 Conclusion and Future Works 35 Appendix A 37 Bibliography 38 

About this Honors Thesis

Rights statement

• Permission granted by the author to include this thesis or dissertation in this repository. All rights reserved by the author. Please contact the author for information regarding the reproduction and use of this thesis or dissertation.

School	Emory College
Department	Computer Science
Degree	B.S.
Submission	Honors Thesis
Language	English
Research Field	Computer Science
Stichwort	User Privacy Human Computer Interaction Computer Security Hash Visualization
Committee Chair / Thesis Advisor	Ymir Vigfusson, Emory University
Committee Members	Ramnath K Chellappa, Emory University Emily Wall, Emory University

Zuletzt geändert

Primary PDF

Thumbnail	Title	Date Uploaded	Actions
	File download under embargo until 19 May 2025	2023-04-16 18:40:13 -0400	File download under embargo until 19 May 2025

Supplemental Files

Thumbnail	Title	Date Uploaded	Actions