In 1999, Whitten & Tygar’s seminal USENIX paper “Why Johnny Can’t Encrypt” established that even though the problem of End-to-End Encryption is technically solved, people cannot use PGP encryption correctly, even with a graphical user interface and instructions. Over the past 20 years, there has been a string of “Johnny” papers trying to encourage adoption or correct usage of secure tools, with mixed results. This lecture aims to systematically examine the results of these and other studies and identify effective ways of promoting adoption and enabling the correct use of cryptography.
This course covers the following topics.
- Usability, usable security, utility, and technology adoption
- History of Human Factors and Encryption
- Security threat models and people’s mental models
- What is trust? How is trust impacting the adoption of cryptographic applications?
- Cryptography ecosystem – where do cryptographic standards come from?
- Complexity or simplicity – who needs to know what?
- Applying this knowledge to different cryptographic applications:
  - PGP and S/MIME: End-to-End encrypted Email
  - WhatsApp and Signal: End-to-End security for the masses?
  - TLS: A crypto protocol success story
  - End User Privacy Tools: TOR/TAILS, Disk Encryption, VPNs
  - Passwordless Authentication (FIDO, PassKeys, WebAuthn)
- Course instructor: Stefan Konopka
- Course instructor: Katrin Lamme
- Course instructor: Jens Christian Opdenbusch
- Course instructor: Felix Reichmann
Semester: Winter semester 2025/26