Cryptographic Dysfunctionality-A Survey on User Perceptions of Digital Certificates
In this paper we identify and define cryptographic dysfunctionality and, within this context, perform a study to evaluate user perceptions of public key cryptography concepts. The study makes use of user testing, questionnaires and wrap-up interviews with 121 young but experienced Internet users during their interactions with selected secure Internet locations. The results show that the vast majority of users are not familiar with fundamental concepts of cryptography and are not capable of efficiently managing digital certificates. This case study serves as first evidence supporting our hypothesis that user interface design is deteriorating the effectiveness of cryptographic solutions due to usability issues.
Keywords: Public Key Infrastructure, Usability, Security, Digital Certificates