usable encryption
play

Usable Encryption Class Presentation for CMSC 818D Wei Bai S - PowerPoint PPT Presentation

Sep 15, 2022 •568 likes •842 views

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

  1. Usable Encryption Class Presentation for CMSC 818D Wei Bai S

  3. Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network

  4. Public Key Encryption S Encryption/Decryption S Signing/Verifying

  5. Prototype for Public Key Encryption

  6. Prototype for Signing/Verifying Bob Alice

  7. Usable Encryption Design Aspects Key Encryption UI Management Design Aspects (Automatic) Encryption and Integration Decryption

  8. A. Whitten et al. “ Why Johnny can’t encrypt: a usability evaluation of PGP 5.0 ” S One of the pioneer works for encryption usability S Objective: Investigate usability in standard UI design vs security S A case study of PGP 5.0 through S Cognitive walkthrough analysis S Lab Study

  9. Definitions of Usability for Security S 1. Reliably made aware of the security tasks they need to perform S 2 . Able to figure out how to successfully perform those tasks S 3 . Don’t make dangerous errors S 4 . Comfortable with the interface to continue using it.

  10. Properties S 1. The unmotivated user property S 2 . The abstraction property S 3 . The lack of feedback property S 4 . The barn door property S 5 . The weakest link property

  11. Usability Standard for PGP S Encrypt/decrypt S Sign/verify S Key generation S Own public key publication S Public key acquiring S Avoid dangerous errors S Reasonable time

  12. Usability Analysis S Cognitive walkthrough Analysis S Wide considerations for more factors S Subjective S Lab Study S Limited scope of factor testing S Objective

  13. Cognitive analysis: Flaws in Design S Key management Issue S Visual : sign/verify S Different key types RSA for PGP, S Hellman/DSS for PGP 5.0 S S Key server S Errors playing with keys. Irreversible! Delete the private key, publicize the private key S

  14. Lab study S Integrate Eudora with PGP

  15. Lab study S Confirmed some points: S What keys to use? How to use them? S Confused about private/public keys S Use own/counterpart’s keys?

  16. Discussions 1. Dangerous errors and the barn door property: S If reversible? Regret allowed? S 2. Whether tutorials about encryption tasks, such as generating keys should be S included? Learnability: Learn by themselves, or taught by others? S 3. Is signing and verification necessary? S Closed circle S Phishing exists S 4. How about separating encryption and decryption tasks, to make study S shorter?

  17. S. Routi et al, “Confused Johnny: when automatic encryption leads to confusion and mistakes” S Objective S Investigate whether it makes more usable if hiding as many security details as possible S Method: S Lab study of Pwm (private webmail) system

  18. Pwm Highlights S Automatic key management and automatic encryption S Integrate tightly with existing webmail services S Key management by a key escrow S Advantage: Automatic key management S Users never lose their keys S Keys ported to new devices automatically S S Disadvantage Escrow has access to users’ keys S

  19. Comparative Usability Study S Task scenario: S Decrypt an email first S Send an encrypted email S Open a new Gmail session (with Pwm ended) S Perform well compared to existing webmail tools (w.r.t. SUS score)

  20. Key Findings S Performance of Message Protector is, on par with, slightly higher than Pwm. S Too transparent design loses trust to some extent S Reconsider manual encryption S The idea also comes from “Johnny for Facebook” paper.

  21. Discussions S Automatic key management by using a third party service? S Chicken and egg problem ! S Tradeoff between usability/security

  22. Helping Johnny 2.0 to encrypt His Facebook conversations S Objective: S Encryption usability for online social networks (OSNs) S Methods: S Two lab studies

  23. Mockup Lab Study

  24. Mockup Lab Study S Encryption schemes: S Auto/not auto: encryption button S Key management : S Manual: send keys over webmail S Auto: Passwords created at the first time, and then web browser caches it for further use.

  25. Key findings S Auto encryption and auto key management is preferable. S Manual encryption / manual decryption have higher security feeling, but lower acceptance S Key (password) recovery capability

  26. Discussions S Do/show something makes users assured? S Auto/not auto: encryption button S Key management : S Manual: send keys over webmail (chicken and egg problem again?) S S Auto: Passwords created at the first time, and then web browser caches it for further use. Password protection? Guessibility for password is much easier S than PKI keys.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

788 views • 20 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Defining Encryption (ctd.) Lecture 3 CPA/CCA security Computational Indistinguishability Pseudo-randomness, One-Way Functions Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too strong (though too

1.36k views • 113 slides
Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson (recommended) 1 Encryption Principles A cryptosystem has (at least) five ingredients: 1. Plaintext 2. Secret Key 3. Ciphertext 4. Encryption algorithm 5.

657 views • 12 slides
Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption Standardization Consortium HomomorphicEncryption.org 0.1 Presenters Roger A. Hallman (SPAWAR Systems Center Pacific; Thayer School of

1.36k views • 91 slides
Goals of Encryption authenticated encryption sender Daniel J. Bernstein

Goals of Encryption authenticated encryption sender Daniel J. Bernstein

Goals of Encryption authenticated encryption sender Daniel J. Bernstein University of Illinois at Chicago & m Technische Universiteit Eindhoven c k More details, credits: competitions.cr.yp.to network

1.33k views • 118 slides
Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption Standard AES - Advanced Encryption Standard US governmental encryption standard Open (world) competition announced January 97 Blocks: 128 bits Keys:

403 views • 39 slides
Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
Blind and Human: Exploring More Usable Audio CAPTCHA Designs Valerie Fanelle, Sepideh Karimi,

Blind and Human: Exploring More Usable Audio CAPTCHA Designs Valerie Fanelle, Sepideh Karimi,

Blind and Human: Exploring More Usable Audio CAPTCHA Designs Valerie Fanelle, Sepideh Karimi, Aditi Shah, Bharath Subramanian, and Sauvik Das The Sixteenth Symposium on Usable Privacy and Security August 7th - 11th, 2020 High attention levels

1.03k views • 6 slides
Encryption at Scale on AWS Matt Campagna campagna@amazon.com Agenda Describe the AWS Key

Encryption at Scale on AWS Matt Campagna campagna@amazon.com Agenda Describe the AWS Key

Encryption at Scale on AWS Matt Campagna campagna@amazon.com Agenda Describe the AWS Key Management Service Client Side Encryption AWS Encryption SDK Server Side Encryption S3 Object Encryption Amazon Simple Storage Service

387 views • 22 slides
Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption

Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption

Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption Changhyun Lee, Yeonju Choi, Hyeongmin Park, Kangbin Yim, and Sun-Young Lee Soonchunhyang University IMIS 2019 Presenter: Brandon Falk (

645 views • 21 slides
OPES and E2E Encryption Should OPES be compatible with end-to- end encryption? Define

OPES and E2E Encryption Should OPES be compatible with end-to- end encryption? Define

OPES and E2E Encryption Should OPES be compatible with end-to- end encryption? Define compatible Define the trust model Discuss pro and con Decide, spec, implement Goal: combine confidentiality with services, if

470 views • 11 slides
Why Cant Johnny Fix Vulnerabilities: A Usability Evaluation of Static Analysis Tools for

Why Cant Johnny Fix Vulnerabilities: A Usability Evaluation of Static Analysis Tools for

Why Cant Johnny Fix Vulnerabilities: A Usability Evaluation of Static Analysis Tools for Security Justin Smith (Lafayette College) smithjus@lafayette.edu Lisa Nguyen Quang Do (Google) lisanqd@google.com Emerson Murphy-Hill (Google)

605 views • 15 slides
Overview: Funding and FTEs Distribution of Staffing Resources FTEs by Program Area Budget FY20

Overview: Funding and FTEs Distribution of Staffing Resources FTEs by Program Area Budget FY20

FY21 Departmental Budget Presentati on Budget and Appropriations Committee August 12, 2020 Pu b lic off ic e LeeAnn Pelham, Executive Director is a p u b lic t ru st . . . " Steven Massey, Acting Chief Operating Officer &

421 views • 6 slides
Neural Text xt Generation fr from Structured Data wit ith Appli licatio ion to the Bio

Neural Text xt Generation fr from Structured Data wit ith Appli licatio ion to the Bio

Neural Text xt Generation fr from Structured Data wit ith Appli licatio ion to the Bio iography Domain in Remi Lebret David Grangier Michael Auli EPFL, Switzerland Facebook AI Research Facebook AI Research (EMNLP)

319 views • 30 slides
Professional Practice Session 1 Main Room From Ambition to Delivery Liverpools innovation

Professional Practice Session 1 Main Room From Ambition to Delivery Liverpools innovation

Professional Practice Session 1 Main Room From Ambition to Delivery Liverpools innovation in meeting housing need Bernini and El Greco (This Room) Every House a Home? Raising and enforcing standards in the northern PRS Raphael and

1.31k views • 49 slides
Why Johnny Cant Blow the Whistle: Identifying and Reducing Usability Issues in Anonymity

Why Johnny Cant Blow the Whistle: Identifying and Reducing Usability Issues in Anonymity

Why Johnny Cant Blow the Whistle: Identifying and Reducing Usability Issues in Anonymity Systems Greg Norcie Jim Blythe Kelly Caine L Jean Camp February 23 rd , 2014, NDSS Workshop on Usable Security Outline Tor o What is Tor? o What

437 views • 30 slides
How How Thinking Thinking in in Python Made Me a Better Python Made Me a Better Soware

How How Thinking Thinking in in Python Made Me a Better Python Made Me a Better Soware

How How Thinking Thinking in in Python Made Me a Better Python Made Me a Better Soware Engineer Soware Engineer EuroPython 2019 Johnny Dude bit.ly/ThinkPy Hi, I'm Johnny Dude Hi, I'm Johnny Dude Soware Engineer at TogaNetworks

1.34k views • 110 slides
Presentations That Sell Insider Secrets for Creating Winning Presentations Johnny The

Presentations That Sell Insider Secrets for Creating Winning Presentations Johnny The

Presentations That Sell Insider Secrets for Creating Winning Presentations Johnny The Transition Man Campbell, DTM, Accredited Speaker My Mission Keys For Crafting Winning Presentation That Sells Your Products and Services What is

1.07k views • 38 slides
Online Behavioral CyLab Advertising User Studies y & c S a e v c i u r P r i

Online Behavioral CyLab Advertising User Studies y & c S a e v c i u r P r i

Online Behavioral CyLab Advertising User Studies y & c S a e v c i u r P r i t e y l b L Pedr Pedro Giovanni Leon and o Giovanni Leon and Blase Blase Ur Ur a a s b U o b r a a t W3C DNT and Beyond

358 views • 25 slides

More recommend