Human As­pects of Cryp­to­gra­phy Ad­op­ti­on and Use (141341-WiSe20/21)

Goals

The aim of the lec­tu­re is to ex­ami­ne the re­a­sons why

1. cryp­to­gra­phic so­lu­ti­ons – which ex­perts agree offer good pro­tec­tion against most of the com­mon at­tacks today – are not ad­op­ted by most in­di­vi­du­als and organizations, and

1. end-users, de­ve­lo­pers and sys­tem ad­mi­nis­tra­tors who do use cryp­to­gra­phic solutions in some form fre­quent­ly make mis­ta­kes that un­der­mi­ne the se­cu­ri­ty protec­tion.

Content

In 1999, Whit­ten & Tygar’s se­mi­nal USE­NIX paper "Why John­ny Can’t En­crypt" es­ta­blis­hed that peop­le can­not use PGP en­cryp­ti­on cor­rect­ly, even with a gra­phi­cal user in­ter­face and in­struc­tion. Over the past 20 years, there has been a string of John­ny pa­pers on stu­dies try­ing to en­cou­ra­ge ad­op­ti­on or cor­rect usage. The aim of this CASA lec­tu­re is to sys­te­ma­ti­cal­ly ex­ami­ne the re­sults of these stu­dies and iden­ti­fy ef­fec­tive ways of pro­mo­ting adoption and enable cor­rect use of cryp­to­gra­phy.

Requirements

None

Recommended knowledge

Lec­tu­re "In­tro­duc­tion to Usa­ble Se­cu­ri­ty and Pri­va­cy"