Security and usability engineering with particular attention to electronic mail

International Journal of Human Computer Studies

Volumn 63, Issue 1-2, 2005, Pages 51-73

  Roth, Volker ^a   Straub, Tobias ^b   Richter, Kai ^c  

^a OGM Laboratory LLC   (United States)

^b DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^c Fraunhofer Institut för Graphische Datenverarbeitung   (Germany)

Author keywords

Human computer interaction; Secure electronic mail; Security engineering; Transparent digital signatures; Transparent encryption; Usability and security

Indexed keywords

COMPUTER SOFTWARE; CRYPTOGRAPHY; ELECTRONIC MAIL; HUMAN COMPUTER INTERACTION; RISK MANAGEMENT; SECURITY OF DATA; VISUALIZATION;

SECURE ELECTRONIC MAIL; TRANSPARENT DIGITAL SIGNATURES; TRANSPARENT ENCRYPTION; USABILITY AND SECURITY;

USABILITY ENGINEERING;

EID: 19944404811     PISSN: 10715819     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ijhcs.2005.04.015     Document Type: Article

References (36)

1. Anderson, J., 1973. Information security in a multi-user computer environment. Advances in Computers. Academic Press, New York, pp. 1-35.
2. R. Anderson, and T. Lomas Fortifying key negotiation schemes with poorly chosen passwords Electronics Letters 30 13 1994 1040 1041
3. Arkko, J., Nikander, P., 2002. How to authenticate unknown principals without trusted parties. In: Proceedings of the Security Protocols Workshop 2002, Cambridge, UK, April 2002.
4. Balfanz, D., 2003. Usable access control for the world wide web. In: Proceedings of the 19th Annual Computer Security Applications Conference. IEEE, New York, pp. 406-415.
5. D. Balfanz, G. Durfee, R. Grinter, and D.K. Smetters In search of usable security: five lessons from the field IEEE Security and Privacy 2 5 2004 19 24
6. Bellovin, S.M., Merritt, M., 1992. Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings of the 1992 IEEE Symposium on Security and Privacy, 1992, pp. 72-84.
7. Bentley, D., Rose, G., Whalen, T., 1999. ssmail: opportunistic encryption in sendmail. In: Proceedings of the 13th Systems Administration Conference (LISA XIII), Seattle, WA, USA, November 1999. USENIX Association.
8. D. Boneh, and M. Franklin Identity based encryption from the Weil pairing SIAM Journal of Computing 32 3 2003 586 615
9. I. Brown, and C.R. Snow A proxy approach to e-mail security Software - Practice and Experience 29 12 1999 1049 1060
10. Castelluccia, C., Montenegro, G., Laganier, J., Neumann, C., 2004. Hindering eavesdropping via IPv6 opportunistic encryption. In: ESORICS, pp. 309-321.
11. Crocker, D.H., 1982. Standard for the format of ARPA Internet text messages. Request for Comments 822, Internet Engineering Task Force.
12. Davis, D., 1996. Compliance defects in public key cryptography. In: Proceedings of the Sixth USENIX Security Symposium, pp. 171-178. URL: citeseer.nj.nec.com/davis96compliance.html.
13. Dourish, P., Redmiles, D., 2002. An approach to usable security based on event monitoring and visualization. In: Proceedings of the New Security Paradigms Workshop, Virginia Beach, VA, USA, September 2002, ACM, New York, pp. 75-81.
14. Ellison, C., 1996. Establishing identity without certification authorities. In: Proceedings of the Sixth USENIX Security Symposium, July 1996.
15. Ellison, C., Schneier, B., 2000. Ten risks of PKI: what you're not being told about public key infrastructure. Computer Security Journal 16 (1), 1-7. Available online at URL http://www.counterpane.com/pki-risks.html.
16. Garfinkel, S., 2003. Enabling email confidentiality through the use of opportunistic encryption. In: National Conference on Digital Government Research, Boston, MA, May 2003.
17. Grinter, R.E., Smetters, D.K., 2003. Three challenges for embedding security into applications. In: Patrick, A., Long, C., Flinn, S. (organizers). Workshop on human-computer interaction and security systems at ACM CHI 2003. Web pages at URL: http://www.andrewpatrick.ca/CHI2003/HCISEC/index.html.
18. Gutmann, P., 2003. Plug-and-play PKI: a PKI your mother can use. In: Proceedings of the 12th USENIX Security Symposium, Washington, DC, USA, August 2003.
19. D. Kahn The Codebreakers Second ed 1996 Scribner
20. Karvonen, K., Cardholm, L., Karlsson, S., 2000. Cultures of trust: a cross-cultural study on the formation of trust in an electronic environment. In: Proceedings of the Third Nordic Workshop on Security (NordSec 2000), Reykjavik, Iceland, October 2000.
21. Katz, J., Ostrovsky, R., Yung, M., 2001. Efficient password-authenticated key exchange using human-memorable passwords. In: EUROCRYPT, pp. 475-494.
22. Levien, R., McCarthy, L., Blaze, M., 1996. Transparent Internet e-mail security. Technical Report, AT&T Laboratories, Murray Hill, NJ 07974, 1996. Draft version.
23. D.A. Norman The Psychology of Everyday Things 1988 Basic Books USA
24. Patrick, A., Long, C., Flinn, S., (Organizers), 2003. Workshop on human-computer interaction and security systems at ACM CHI 2003. Web pages at URL: http://www.andrewpatrick.ca/CHI2003/HCISEC/index.html.
25. Ramsdell, B., 1999. S/MIME Version 3 Message Specification. Request for Comments 2633, Internet Engineering Task Force.
26. J.H. Saltzer, and M.D. Schroeder The protection of information in computer systems Communications of the Association of Computing Machinery 17 7 1974
27. Sandhu, R., 2003. Good-enough security. IEEE Internet Computing, 66-68.
28. M.A. Sasse, S. Brostoff, and D. Weirich Transforming the "weakest link:" a human-computer interaction approach to usable and effective security BT Technical Journal 19 3 2001 122 131
29. Schneier, B., Hall, C., 1997. An improved e-mail security protocol. Technical Report, Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419.
30. Secure Communication System, 2005. http://www.secos.org.
31. Smetters, D.K., Grinter, R.E., 2002. Moving from the design of usable security technologies to the design of useful secure applications. In: Proceedings of the New Security Paradigms Workshop, Virginia Beach, VA, USA, September 2002. ACM, New York, pp. 82-89.
32. Stajano, F., Anderson, R.J., 1999. The resurrecting duckling: security issues for ad-hoc wireless networks. In: Proceeding of the Seventh International Security Protocols Workshop, 1999, pp. 172-194.
33. Whitten, A., Tygar, J.D., 1999. Why Johnny can't encrypt: a usability evaluation of PGP 5.0. In: Proceedings of the Ninth USENIX Security Symposium, August 1999.
34. Whitten, A., Tygar, J.D., 2003. Safe staging for computer security. In: Patrick, A., Long, C., Flinn, S. (organizers). Workshop on human-computer interaction and security systems at ACM CHI 2003. Web pages at URL: http://www.andrewpatrick.ca/CHI2003/HCISEC/index.html.
35. Wolthusen, S., 2003. A distributed multipurpose mail guard. In: Proceedings from the Fourth Annual IEEE SMC Information Assurance Workshop, United States Military Academy, West Point, NY, USA, June 2003. IEEE Press, New York, pp. 258-265.
36. Yee, K.-P., 2002. User interaction design for secure systems. In: Deng, R., Qing, S., Bao, F., Zhou, J., (Eds.), Proceedings of the Fourth International Conference on Information and Communications Security, Singapore. December 2002; Lecture Notes in Computer Science, vol. 2513. Springer, Berlin, pp. 278-290. ISBN 3-540-00164-6.