Confused Johnny: When automatic encryption leads to confusion and mistakes

SOUPS 2013 - Proceedings of the 9th Symposium on Usable Privacy and Security

Volumn , Issue , 2013, Pages

  Ruoti, Scott ^a   Kim, Nathan ^a   Burgon, Ben ^a   Van Der Horst, Timothy ^a   Seamons, Kent ^a  

^a 3361 TMCB   (United States)

Author keywords

Manual encryption; Secure email; Security overlays; Usable security

Indexed keywords

AMOUNT OF INFORMATION; CIPHERTEXTS; KEY MANAGEMENT; USABLE SECURITY; USER STUDY; WEBMAIL;

CRYPTOGRAPHY;

EID: 84883079764     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2501604.2501609     Document Type: Conference Paper

References (19)

1. H. Abelson, R. Anderson, S.M. Bellovin, J. Benaloh, M. Blaze, W. Diffie, J. Gilmore, P.G. Neumann, R.L. Rivest, J.I. Schiller, et al. The risks of key recovery, key escrow, and trusted third-party encryption. World Wide Web Journal, 2(3):241-257, 1997.
2. A. Bangor, P. Kortum, and J. Miller. Determining what individual sus scores mean: Adding an adjective rating scale. Journal of Usability Studies, 4(3):114-123, 2009.
3. J. Brooke. Sus-a quick and dirty usability scale. Usability evaluation in industry, 189:194, 1996.
4. O. Chevassut, P.A. Fouque, P. Gaudry, and D. Pointcheval. Key derivation and randomness extraction. In In Crypto'05. Citeseer, 2005.
5. Robert B Cialdini. Influence: Science and practice, volume 4. Allyn and Bacon Boston, MA, 2001.
6. Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze. Why (special agent) johnny (still) can't encrypt: A security analysis of the apco project 25 two-way radio system. In Proceedings of the 20th USENIX Conference on Security. USENIX Association, 2011.
7. Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith, and Uwe Sander. Helping johnny 2.0 to encrypt his facebook conversations. In Proceedings of the Eighth Symposium on Usable Privacy and Security, SOUPS '12, pages 11:1-11:17, Washington, D.C., 2012. ACM.
8. Simson L. Garfinkel. Email-based identification and authentication: an alternative to PKI? IEEE Security & Privacy, pages 20-26, 2003.
9. Simson L. Garfinkel and Robert C. Miller. Johnny 2: A user test of key continuity management with s/mime and outlook express. In Proceedings of the 2005 symposium on Usable privacy and security, SOUPS '05, pages 13-24, Pittsburgh, Pennsylvania, 2005. ACM.
10. S. Gaw, E.W. Felten, and P. Fernandez-Kelly. Secrecy, flagging, and paranoia: adoption criteria in encrypted email. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pages 591-600. ACM, 2006.
11. C. Herley. So long, and no thanks for the externalities:The rational rejection of security advice by users. In Proceedings of the 2009 Workshop on New Security Paradigms Workshop, pages 133-144. ACM, 2009.
12. H. Krawczyk. Cryptographic extraction and key derivation: The hkdf scheme. Advances in Cryptology-CRYPTO 2010, pages 631-648, 2010.
13. Chris Robison, Scott Ruoti, Timothy W van der Horst, and Kent E Seamons. Private facebook chat. In 2012 ASE/IEEE International Conference on Social Computing (SocialCom) and 2012 ASE/IEEE International Conference on Privacy, Security, Risk and Trust (PASSAT), pages 451-460. IEEE, 2012.
14. Adi Shamir. Identity-based cryptosystems and signature schemes. In George Blakley and David Chaum, editors, Advances in Cryptology, volume 196 of Lecture Notes in Computer Science, pages 47-53. Springer Berlin/Heidelberg, 1985. 10.1007/3-540-39568-7-5.
15. S. Sheng, L. Broderick, CA Koranda, and JJ Hyland. Why johnny still can't encrypt: evaluating the usability of email encryption software. In 2006 Symposium On Usable Privacy and Security - Poster Session, 2006.
16. Andreas Sotirakopoulos, Kirstie Hawkey, and Konstantin Beznosov. "i did it because i trusted you": Challenges with the study environment biasing participant behaviours. In SOUPS Usable Security Experiment Reports (USER) Workshop, 2010.
17. San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. What makes users refuse web single sign-on?: an empirical investigation of openid. In Proceedings of the Seventh Symposium on Usable Privacy and Security, SOUPS '11, pages 4:1-4:20, Pittsburgh, Pennsylvania, 2011. ACM.
18. Timothy van der Horst and Kent Seamons. Simple authentication for the web. In Security and Privacy in Communication Networks, September 2007.
19. Alma Whitten and J. D. Tygar. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In 8th USENIX Security Symposium, 1999.