Reference : Making Encryption Feel Secure: Investigating how Descriptions of Encryption Impact Pe...
Scientific congresses, symposiums and conference proceedings : Paper published in a journal
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/43948
Making Encryption Feel Secure: Investigating how Descriptions of Encryption Impact Perceived Security
English
Distler, Verena mailto [University of Luxembourg > Faculty of Language and Literature, Humanities, Arts and Education (FLSHASE) > Education, Culture, Cognition and Society (ECCS) >]
Lallemand, Carine mailto [University of Luxembourg > Faculty of Language and Literature, Humanities, Arts and Education (FLSHASE) > Education, Culture, Cognition and Society (ECCS) >]
Koenig, Vincent mailto [University of Luxembourg > Faculty of Language and Literature, Humanities, Arts and Education (FLSHASE) > Education, Culture, Cognition and Society (ECCS) >]
2020
The 5th European Workshop on Usable Security (EuroUSEC 2020)
Yes
International
The 5th European Workshop on Usable Security (EuroUSEC 2020)
07-09-2020
[en] Usable Security and Privacy ; User Experience ; Encryption
[en] When communication about security to end users is ineffective, people frequently misinterpret the protection offered by a system. The discrepancy between the security users perceive a system to have and the actual system state can lead to potentially risky behaviors. It is thus crucial to understand how security perceptions are shaped by interface elements such as text-based descriptions of encryption. This article addresses the question of how encryption should be described to non-experts in a way that enhances perceived
security. We tested the following within-subject variables in an online experiment (N=309): a) how to best word
encryption, b) whether encryption should be described with a focus on the process or outcome, or both c) whether the objective of encryption should be mentioned d) when mentioning the objective of encryption, how to best describe it e) whether a hash should be displayed to the user. We also investigated the role of context (between subjects). The
verbs “encrypt” and “secure” performed comparatively well at enhancing perceived security. Overall, participants stated that they felt more secure not knowing about the objective of encryption. When it is necessary to state the objective, positive wording of the objective of encryption worked best. We discuss implications and why using these results to design for perceived lack of security might be of interest as well. This leads us to discuss ethical concerns, and we give guidelines for the design of user interfaces where encryption should be communicated to end users.
Researchers ; Students
http://hdl.handle.net/10993/43948
FnR ; FNR10621687 > Sjouke Mauw > SPsquared > Security and Privacy for System Protection > 01/01/2017 > 30/06/2023 > 2016

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
eusec20-Distler.pdfAuthor postprint917.64 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.