An Inconvenient Trust: User Attitudes Toward Security and Usability Tradeoffs for Key-Directory Encryption Systems
Date
2016
Publisher
USENIX
Abstract
Many critical communications now take place digitally, but recent revelations demonstrate that these communications can often be intercepted. To achieve true message privacy, users need end-to-end message encryption, in which the communications service provider is not able to decrypt the content. Historically, end-to-end encryption has proven extremely difficult for people to use correctly, but recently tools like Apple’s iMessage and Google’s End-to-End have made it more broadly accessible by using key-directory services. These tools (and others like them) sacrifice some security properties for convenience, which alarms some security experts, but little is known about how average users evaluate these tradeoffs. In a 52-person interview study, we asked participants to complete encryption tasks using both a traditional key-exchange model and a key-directory-based registration model. We also described the security properties of each (varying the order of presentation) and asked participants for their opinions. We found that participants understood the two models well and made coherent assessments about when different tradeoffs might be appropriate. Our participants recognized that the less-convenient exchange model was more secure overall, but found the security of the registration model to be “good enough” for many everyday purposes.
Citation
Bai, W., Namara, M., Qian, Y., Kelley, P. G., Mazurek, M. L., & Kim, D. (2016). An Inconvenient Trust: User Attitudes toward Security and Usability Tradeoffs for Key-Directory Encryption Systems. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016) (pp. 113-130).