Sciweavers

SOUPS
2005
ACM

Johnny 2: a user test of key continuity management with S/MIME and Outlook Express

14 years 6 months ago
Johnny 2: a user test of key continuity management with S/MIME and Outlook Express
Secure email has struggled with signifcant obstacles to adoption, among them the low usability of encryption software and the cost and overhead of obtaining public key certificates. Key continuity management (KCM) has been proposed as a way to lower these barriers to adoption, by making key generation, key management, and message signing essentially automatic. We present the first user study of KCM-secured email, conducted on na¨ıve users who had no previous experience with secure email. Our secure email prototype, CoPilot, color-codes messages depending on whether they were signed and whether the signer was previously known or unknown. This interface makes users significantly less susceptible to social engineering attacks overall, but new-identity attacks (from email addresses never seen before) are still effective. Also, na¨ıve users do use the Sign and Encrypt button on the Outlook Express toolbar when the situation seems to warrant it, even without explicit instruction, alt...
Simson L. Garfinkel, Robert C. Miller
Added 26 Jun 2010
Updated 26 Jun 2010
Type Conference
Year 2005
Where SOUPS
Authors Simson L. Garfinkel, Robert C. Miller
Comments (0)