Towards Usable Checksums: Automating the Integrity Verification of Web Downloads for the Masses

Huguenin, K.

doi:10.1145/3243734.3243746

Titre

Towards Usable Checksums: Automating the Integrity Verification of Web Downloads for the Masses

Type

article de conférence/colloque

Institution

UNIL/CHUV/Unisanté + institutions partenaires

Auteur(s)

Cherubini, M.

Auteure/Auteur

Meylan, A.

Auteure/Auteur

Chapuis, B.

Auteure/Auteur

Humbert, M.

Auteure/Auteur

Bilogrevic, I.

Auteure/Auteur

Huguenin, K.

Auteure/Auteur

Liens vers les personnes

Liens vers les unités

Dép. des systèmes d'information

Maison d’édition

ACM

Titre du livre ou conférence/colloque

Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS)

Adresse

Toronto, ON, Canada

Statut éditorial

Publié

Date de publication

2018-10

Première page

1256

Dernière page/numéro d’article

1271

Peer-reviewed

Oui

Langue

anglais

Résumé

Internet users can download software for their computers from app stores (e.g., Mac App Store and Windows Store) or from other sources, such as the developers' websites. Most Internet users in the US rely on the latter, according to our representative study, which makes them directly responsible for the content they download. To enable users to detect if the downloaded files have been corrupted, developers can publish a checksum together with the link to the program file; users can then manually verify that the checksum matches the one they obtain from the downloaded file. In this paper, we assess the prevalence of such behavior among the general Internet population in the US (N=2,000), and we develop easy-to-use tools for users and developers to automate both the process of checksum verification and generation. Specifically, we propose an extension to the recent W3C specification for sub-resource integrity in order to provide integrity protection for download links. Also, we develop an extension for the popular Chrome browser that computes and verifies checksums of downloaded files automatically, and an extension for the WordPress CMS that developers can use to easily attach checksums to their remote content. Our in situ experiments with 40 participants demonstrate the usability and effectiveness issues of checksums verification, and shows user desirability for our extension.

PID Serval

serval:BIB_9BD511E5C0D0

DOI

10.1145/3243734.3243746

Permalien

https://iris.unil.ch/handle/iris/214884

Open Access

Oui

Date de création

2018-08-13T09:17:56.724Z

Date de création dans IRIS

2025-05-21T03:49:47Z

Fichier(s)

Nom

Cherubini18CCS.pdf

Version du manuscrit

postprint

Taille

4.92 MB

Format

Adobe PDF

PID Serval

serval:BIB_9BD511E5C0D0.P001

URN

urn:nbn:ch:serval-BIB_9BD511E5C0D01

Somme de contrôle

(MD5):a3a6f16de72e22585a35e3e443f2d9aa