secure email; privacy engineering; privacy indicators; user studies; usable security
Résumé :
[en] Improving the usability and adoption of secure (i.e. end-to-end encrypted) email systems has been a notorious challenge for over two decades. One of the open questions concerns the amount and format of information that should be communicated to users to inform them of the security and privacy properties with respect to different messages or correspondents. Contributing to the ongoing discussion on the usability and effectiveness of security and privacy indicators, particularly in the context of systems targeting non-expert users, this paper sheds light on users' evaluation of traffic light-inspired indicators, as a metaphor to represent different privacy states and guarantees, provided by a new system for email end-to-end encryption called p≡p. Using a mixed-methods approach, based on input gathered from 150 participants in three online studies, we highlight the pros and cons of the traffic light semantic in p≡p's context and beyond, and discuss the potential implications on the perceived security and use of such systems.
Disciplines :
Ingénierie, informatique & technologie: Multidisciplinaire, généralités & autres
Auteur, co-auteur :
STOJKOVSKI, Borce ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC
LENZINI, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC
KOENIG, Vincent ; University of Luxembourg > Faculty of Humanities, Education and Social Sciences (FHSE) > Department of Behavioural and Cognitive Sciences (DBCS)
Co-auteurs externes :
no
Langue du document :
Anglais
Titre :
"I Personally Relate It to the Traffic Light": A User Study on Security & Privacy Indicators in a Secure Email System Committed to Privacy by Default
Date de publication/diffusion :
2021
Nom de la manifestation :
36th Annual ACM Symposium on Applied Computing
Date de la manifestation :
from 22-03-2021 to 26-03-2021
Titre de l'ouvrage principal :
Proceedings of the 36th Annual ACM Symposium on Applied Computing
Maison d'édition :
Association for Computing Machinery, New York, NY, USA, Inconnu/non spécifié
R Abu-Salma, M A Sasse, J Bonneau, A Danilova, A Naiakshina, and M Smith. 2017. Obstacles to the Adoption of Secure Communication Tools. In 2017 IEEE Symposium on Security and Privacy (SP). 137-153.
Alex Ainslie, Adrienne Porter Felt, Robert W. Reeder, Somas Thyagaraja, Helen Harris, Alan Bettes, Jeff Grimes, and Sunny Consolvo. 2015. Improving SSL Warnings. (2015), 2893-2902.
Bonnie Brinton Anderson, C. Brock Kirwan, Jeffrey L. Jenkins, David Eargle, Seth Howard, and Anthony Vance. 2015. How polymorphic warnings reduce habituation in the brain-insights from an FMRI study. Conference on Human Factors in Computing Systems-Proceedings 2015-April (2015), 2883-2892.
W. Ross Ashby. 1956. An Introduction to Cybernetics. Chapman & Hall, London. http://pcp. vub. ac. be/books/IntroCyb. pdf
Erinn Atwater, Cecylia Bocovich, Urs Hengartner, Ed Lank, and Ian Goldberg. 2015. Leading Johnny to Water: Designing for Usability and Trust. USENIX Association, 69-88.
Wei Bai, Doowon Kim, Moses Namara, Yichen Qian, Patrick Gage Kelley, and Michelle L Mazurek. 2016. An Inconvenient Trust: User Attitudes Toward Security and Usability Tradeoffs for Key-Directory Encryption Systems. Symposium On Usable Privacy and Security (SOUPS) Soups (2016), 113-130.
W Bai, D Kim, M Namara, Y Qian, P G Kelley, and M L Mazurek. 2017. Balancing Security and Usability in Encrypted Email. IEEE Internet Computing 21, 3 (2017), 30-38.
Victoria Bellotti and Abigail Sellen. 1993. Design for Privacy in Ubiquitous Computing Environments. In Proceedings of the Third Conference on European Conference on Computer-Supported Cooperative Work (ECSCW'93). Kluwer Academic Publishers, USA, 77-92.
Jim Blythe, Jean Camp, and Vaibhav Garg. 2011. Targeted risk communication for computer security. International Conference on Intelligent User Interfaces, Proceedings IUI (2011), 295-298.
Cristian Bravo-Lillo, Lorrie Faith Cranor, Saranga Komanduri, Julie Downs, and Saranga Komanduri. 2011. Bridging the Gap in Computer Security Warnings: A Mental Model Approach. IEEE Security and Privacy 9, 2 (mar 2011), 18-26.
L. Jean Camp. 2011. Mental Models of Privacy and Security. SSRN Electronic Journal (2011).
Lorrie Faith Cranor. 2008. A framework for reasoning about the human in the loop. Proceedings of the 1st Conference on Usability, Psychology, and Security (UPSEC'08) (2008), 1-15.
Rachna Dhamija, J. D. Tygar, and Marti Hearst. 2006. Why Phishing Works. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '06). ACM, New York, NY, USA, 581-590.
Julie S. Downs, Mandy B. Holbrook, and Lorrie Faith Cranor. 2006. Decision strategies and susceptibility to phishing. ACM International Conference Proceeding Series 149 (2006), 79-90.
V Dukhovni. 2014. Opportunistic Security: Some Protection Most of the Time. RFC 7435. RFC Editor. https://www. rfc-editor. org/info/rfc7435
Serge Egelman, Lorrie Faith Cranor, and Jason Hong. 2008. You'Ve Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '08). ACM, New York, NY, USA, 1065-1074.
Adrienne Porter Felt, Robert W Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Emre Acer, Elisabeth Morant, Sunny Consolvo, and U C Berkeley. 2016. Rethinking Connection Security Indicators. the Symposium On Usable Privacy and Security (SOUPS) Soups (2016), 1-14.
Simson L Garfinkel and Robert C Miller. 2005. Johnny 2: A user test of key continuity management with S/MIME and Outlook Express. Proceedings of the 2005 symposium on Usable privacy and security 6 (2005), 13-24.
Shirley Gaw, Edward W. Felten, and Patricia Fernandez-Kelly. 2006. Secrecy, flagging, and paranoia. (2006), 591.
Jeffrey L. Jenkins, Bonnie Brinton Anderson, Anthony Vance, C. Brock Kirwan, and David Eargle. 2016. More harm than good? How messages that interrupt can make us vulnerable. Information Systems Research 27, 4 (2016), 880-896.
Patrick W. Jordan. 2000. Inclusive design: An holistic approach. Proceedings of the XIVth Triennial Congress of the International Ergonomics Association and 44th Annual Meeting of the Human Factors and Ergonomics Association, 'Ergonomics for the New Millennium' (2000), 917-920.
Kat Krol, Matthew Moroz, and M. Angela Sasse. 2012. Don't work. Can't work? Why it's time to rethink security warnings. 7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012 (2012), 1-8.
Kenneth R. Laughery and Michael S. Wogalter. 2006. Designing Effective Warnings. Reviews of Human Factors and Ergonomics 2, 1 (2006), 241-271.
Joscha Lausch, Oliver Wiese, and Volker Roth. 2017. What is a Secure Email? EuroUSEC 2017 (2017).
A Lerner, E Zeng, and F Roesner. 2017. Confidante: Usable Encrypted Email: A Case Study with Lawyers and Journalists. In 2017 IEEE European Symposium on Security and Privacy (EuroS&P). 385-400.
Danielle Lottridge, Mark Chignell, and Aleksandra Jovicic. 2011. Affective Interaction: Understanding, Evaluating, and Designing for Human Emotion. Reviews of Human Factors and Ergonomics 7, 1 (2011), 197-217.
Hernâni Marques and Bernie Hoeneisen. 2019. pretty Easy privacy (pEp): Mapping of Privacy Rating. IETF Internet-Draft, https://tools. ietf. org/html/ draft-marques-pep-rating-01, Accessed: 10 October 2020.
Hernâni Marques and Bernie Hoeneisen. 2019. pretty Easy privacy (pEp): Privacy by Default . IETF Internet-Draft, https://tools. ietf. org/html/draft-birk-pep-03, Accessed: 10 October 2020.
Wolter Pieters. 2011. Explanation and trust: What to tell the user in security and AI? Ethics and Information Technology 13, 1 (2011), 53-64.
Karen Renaud, Melanie Volkamer, and Arne Renkema-Padmos. 2014. Why Doesn't Jane Protect Her Privacy?. In Privacy Enhancing Technologies, Emiliano De Cristofaro and Steven J Murdoch (Eds. ). Springer International Publishing, Cham, 244-262.
Volker Roth, Tobias Straub, and Kai Richter. 2005. Security and usability engineering with particular attention to electronic mail. Int. J. Hum. Comput. Stud. 63, 1-2 (2005), 51-73. https://doi. org/10. 1016/j. ijhcs. 2005. 04. 015
Scott Ruoti, Jeff Andersen, Scott Heidbrink, Mark O'Neill, Elham Vaziripour, Justin Wu, Daniel Zappala, and Kent Seamons. 2016. "We'Re on the Same Page": A Usability Study of Secure Email Using Pairs of Novice Users (CHI '16). ACM, 4298-4308.
Scott Ruoti, Jeff Andersen, Travis Hendershot, Daniel Zappala, and Kent Seamons. 2016. Private Webmail 2. 0: Simple and easy-to-use secure email. UIST 2016-Proceedings of the 29th Annual Symposium on User Interface Software and Technology (2016), 461-472. arXiv:1510. 08435
Scott Ruoti, Nathan Kim, Ben Burgon, Timothy van der Horst, and Kent Seamons. 2013. Confused Johnny: When Automatic Encryption Leads to Confusion and Mistakes (SOUPS '13). ACM, 5:1-5:12.
Scott Ruoti and Kent Seamons. 2019. Johnny's Journey Toward Usable Secure Email. IEEE Security and Privacy 17, 6 (2019), 72-76.
Itzel Vázquez Sandoval and Gabriele Lenzini. 2019. A Formal Security Analysis of the pep Authentication Protocol for Decentralized Key Distribution and Endto-End Encrypted Email. In 2nd International Workshop on Emerging Technologies for Authorization and Authentication, ESORICS International Workshops.
Jeff Sauro and James R. Lewis. 2016. Quantifying the User Experience, Second Edition: Practical Statistics for User Research (2nd ed. ). Morgan Kaufmann Publishers Inc., San Francisco, CA, USA.
Stuart E. Schechter, Rachna Dhamija, Andy Ozment, and Ian Fischer. 2007. The Emperor's New Security Indicators. In 2007 IEEE Symposium on Security and Privacy (SP '07). 51-65.
Steve Sheng, Levi Broderick, Jeremy J Hyland, and Colleen Alison Koranda. 2006. Why Johnny still can't encrypt: evaluating the usability of email encryption software. Symposium On Usable Privacy and Security (2006), 3-4.
Borce Stojkovski and Gabriele Lenzini. 2020. Evaluating ambiguity of privacy indicators in a secure email app. In Proceedings of the Fourth Italian Conference on Cyber Security, Ancona, Italy, February 4th to 7th, 2020 (CEUR Workshop Proceedings), Michele Loreti and Luca Spalazzi (Eds. ), Vol. 2597. CEUR-WS. org, 223-234.
Joshua Sunshine, Serge Egelman, Hazim Almuhimedi, Neha Atri, and Lorrie Faith Cranor. 2009. Crying Wolf: An Empirical Study of SSL Warning Effectivenes. 18th USENIX Security Symposium (2009), 399-432.
Joshua Tan, Lujo Bauer, Joseph Bonneau, Lorrie Faith Cranor, Jeremy Thomas, and Blase Ur. 2017. Can Unicorns Help Users Compare Crypto Key Fingerprints?. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (CHI '17). Association for Computing Machinery, New York, NY, USA, 3787-3798.
W. Tong, Gold S., S. Gichohi, M. Roman, and J. Frankle. 2014. Why King George III Can Encrypt. https://www. cs. princeton. edu/~arvindn/teaching/ spring-2014-privacy-technologies/king-george-iii-encrypt. pdf
Tara Whalen and Kori M. Inkpen. 2005. Gathering evidence: Use of visual security cues in web browsers. Proceedings-Graphics Interface (2005), 137-144.
Alma Whitten and J D Tygar. 1999. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5. 0 (SSYM'99). USENIX Association, 14.
Michael S Wogalter, David M DeJoy, and Kenneth R Laughery. 1999. Warnings and risk communication.
Michael S. Wogalter and Kenneth R. Laughery. 1996. Warning! Sign and label effectiveness. Current Directions in Psychological Science 5, 2 (1996), 33-37.
Min Wu, Robert C. Miller, and Simson L. Garfinkel. 2006. Do security toolbars actually prevent phishing attacks? Conference on Human Factors in Computing Systems-Proceedings 1 (2006), 601-610.
