Bringing Crypto Knowledge to School: Examining and Improving Junior High School Students’ Security Assumptions About Encrypted Chat Apps

Part of the Lecture Notes in Computer Science book series (LNCS, volume 13176)

Abstract

End-to-end encryption (E2EE) of everyday communication plays an essential role in protecting citizens from mass surveillance. The especially vulnerable group of children and young adolescents move quickly between chat apps and use them frequently and intensively. Yet they have had the least time to learn about online security compared to other age groups. In a two-part study conducted with four classes at a junior high school (\(N = 86\) students, ages 12–16), we examined perceptions of security and privacy threats related to chat apps and understanding of E2EE using a questionnaire. A pre-post measure allowed us to examine how a short instruction video shown in class to explain the concept of E2EE and how it works in chat apps affected students’ security understanding and threat perceptions. Our results show that students are aware of a variety of online threats but they are not familiar with the term E2EE. After the instruction, students gained confidence in explaining the concept of encryption and their understanding of the security features of E2EE improved. Our results also show that explanation of threats and E2EE can shift the intention of some participants towards tools that offer more protection.

Keywords

  • End-to-end encryption
  • Secure communication
  • Secure messaging
  • Security knowledge
  • Threat perceptions


Notes

  1. Opportunistic E2EE: A system where users do not verify the correctness of their encryption keys for a given contact. The key server has to be trusted by users.

Acknowledgment

Funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy - EXC 2092 CASA - 390781972.

Correspondence to M. Angela Sasse.

Appendix

1.1 Code Frequencies for Free-Text Answers Before (t1) and After (t2) the Instruction Video

Table 3. Code frequencies for free-text answers before (t1) and after (t2) the instruction video. \(\kappa \) denotes Cohen’s Kappa for each code group, weighted by code frequency.

© 2022 Springer Nature Switzerland AG

Cite this paper

Schaewitz, L., Lohmann, C.A., Fischer, K., Sasse, M.A. (2022). Bringing Crypto Knowledge to School: Examining and Improving Junior High School Students’ Security Assumptions About Encrypted Chat Apps. In: Parkin, S., Viganò, L. (eds) Socio-Technical Aspects in Security. STAST 2021. Lecture Notes in Computer Science, vol 13176. Springer, Cham. https://doi.org/10.1007/978-3-031-10183-0_3

  • DOI: https://doi.org/10.1007/978-3-031-10183-0_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-10182-3

  • Online ISBN: 978-3-031-10183-0

  • eBook Packages: Computer Science (R0)