Simson L. Garfinkel
Robert C. Miller
ABSTRACT
Secure email has struggled with signifcant obstacles to adoption, among them the low usability of encryption software and the cost and overhead of obtaining public key certificates. Key continuity management (KCM) has been proposed as a way to lower these barriers to adoption, by making key generation, key management, and message signing essentially automatic. We present the first user study of KCM-secured email, conducted on naïve users who had no previous experience with secure email. Our secure email prototype, CoPilot, color-codes messages depending on whether they were signed and whether the signer was previously known or unknown. This interface makes users signicantly less susceptible to social engineering attacks overall, but new-identity attacks (from email addresses never seen before) are still effective. Also, naïve users do use the Sign and Encrypt button on the Outlook Express toolbar when the situation seems to warrant it, even without explicit instruction, although some falsely hoped that Encrypt would protect a secret message even when sent directly to an attacker. We conclude that KCM is a workable model for improving email security today, but work is needed to alert users to "phishing" attacks.
References
- Whitfield Diffie and Martin E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644--654, 1976.Google Scholar
Digital Library
- Simson L. Garfinkel. Email-based identification and authentication: An alternative to PKI? Security & Privacy Magazine, 1:20--26, Nov. - Dec. 2003. Google ScholarDigital Library
- Simson L. Garfinkel. Enabling email confidentiality through the use of opportunistic encryption. In The 2003 National Conference on Digital Government Research. National Science Foundation, 2003. Google ScholarDigital Library
- Simson L. Garfinkel, Jeffrey I. Schiller, Erik Nordlander, David Margrave, and Robert C. Miller. Views, reactions, and impact of digitally-signed mail in e-commerce. In Financial Cryptography and Data Security 2005. Springer Verlag, 2005. To Appear. Google ScholarDigital Library
- Peter Gutmann. Why isn't the Internet secure yet, dammit. In AusCERT Asia Pacific Information Technology Security Conference 2004; Computer Security: Are we there yet? AusCERT, May 2004.Google Scholar
- Loren M. Kohnfelder. Towards a practical public-key cryptosystem. PhD thesis, MIT, Cambridge, MA, May 1978. Undergraduate thesis supervised by L. Adleman.Google Scholar
- Kevin D. Mitnick and William L. Simon. The Art of Deception. John Wiley & Sons, 2002.Google Scholar
- B. Ramsdell. RFC 3851: Secure/multipurpose Internet mail extensions (S/MIME) version 3.1 message specification, July 2004.Google Scholar
- Frank Stajano and Ross Anderson. The resurrecting duckling: Security issues for ad-hoc wireless networks. In 1999 AT&T Software Symposium, pages 172--194. AT&T, September 15 1999. Google ScholarDigital Library
- TechSmith. Camtasia studio, 2005.Google Scholar
- Thawte Consulting. Certification practices statement version 2.1, January 9 2004.Google Scholar
- Alma Whitten. Making Security Usable. PhD thesis, School of Computer Science, Carnegie Mellon University, 2004.Google Scholar
- Alma Whitten. Personal communication, December 6 2004.Google Scholar
- Alma Whitten and J. D. Tygar. Usability of security: A case study. Technical report, Carnegie Mellon University, December 1998.Google Scholar
- Alma Whitten and J. D. Tygar. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In 8th USENIX Security Symposium, pages 169 -- 184. Usenix, 1999. Google ScholarDigital Library
- T. Ylonen. SSH - secure login connections over the Internet. In Proceedings of the 6th Security Symposium) (USENIX Association: Berkeley, CA), page 37. Usenix, 1996. Google ScholarDigital Library
Index Terms
Johnny 2: a user test of key continuity management with S/MIME and Outlook Express
Comments