Cryptographic Dysfunctionality-A Survey on User Perceptions of Digital Certificates

Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 99)


In this paper we identify and define cryptographic dysfunctionality and, within this context, perform a study to evaluate user perceptions of public key cryptography concepts. The study makes use of user testing, questionnaires and wrap-up interviews with 121 young but experienced Internet users during their interactions with selected secure Internet locations. The results show that the vast majority of users are not familiar with fundamental concepts of cryptography and are not capable of efficiently managing digital certificates. This case study serves as first evidence supporting our hypothesis that user interface design is degrading the effectiveness of cryptographic solutions due to usability issues.


Keywords: Public Key Infrastructure, Usability, Security, Digital Certificates





Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2012

Authors and Affiliations

  1. Department of Product and Systems Design Engineering, University of the Aegean, Syros, Greece
