CSAIL Research Abstracts - 2005

Designing for Usable Security

Simson L. Garfinkel, Erik Nordlander, David D. Clark & Robert Miller

Usability and security are widely seen as two antagonistic design goals for complex computer systems. But a growing number of researchers are convinced that the conventional wisdom is wrong: for many applications, especially those involving desktop or handheld computers, secure operation requires systems that are usable.

This research project aims to evaluate a series of security systems and use that experience to develop a set of interaction patterns and design principles for creating systems that are both secure and usable.

Work on this project encompasses several areas, including:

  • Evaluation. Because the literature on usability and security is surprisingly fragmented, this project begins with a broad survey and evaluation of previous academic work and of products that have been deployed in the marketplace. We are also conducting a number of interviews with industrial partners including Apple Computer, Microsoft, and RSA Security.
  • Forensics. We are investigating ways that computer forensics tools can be used to promote usable security. Forensic tools can significantly increase visibility into complex computer systems, which we believe can make secure administration easier. Forensic tools can also be used to educate the public about important computer security issues.
    Our major forensics project has involved the analysis of information that had been left on hard disks after the drives had been sold on the secondary market.[3]
  • Secure Email. Despite more than two decades of research, deployment, and attempts at user education, mail sent using secure email standards such as OpenPGP and S/MIME represents a tiny minority of the email sent over the Internet. Rather than using these standards, many users and organizations either send email without encryption or rely on web-based messaging portals that use SSL to encrypt information as it is sent over the Internet. We have performed a significant survey[7,8] and an analysis of S/MIME user interfaces[8] aimed at learning the strengths and weaknesses of today's S/MIME implementations, with the aim of making S/MIME easier to use and more widespread.
    We have also performed a series of user tests on a new model for key certification called Key Continuity Management that promises to make secure email easier to use for a broad audience.
  • Policy. We are reviewing the roles that non-technical factors play in the deployment of security technology. An early project in this space was the creation of an RFID Bill of Rights[4, 5] that showed how many of the privacy problems that have arisen in the deployment of consumer RFID technology can be addressed through policy that embodies Fair Information Principles. Work has also been done on a proposal for a software labeling regime to help computer users combat the threat of spyware.[8]
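The forensics item above rests on one observation: ordinary deletion removes a file's directory entry but leaves its bytes on the platter, so a tool that scans every block of a drive image (rather than only the files the file system still lists) makes residual data visible and lets an administrator verify that a disk was actually sanitized before it leaves the organization. The following is an added example, not code from the project or from the cited study [3]: it models a toy file system (hypothetical structure, not a real on-disk format), a constructed "deleted" message, and a block-level carver that searches the raw image for identifiers.

```python
import re
from dataclasses import dataclass, field

BLOCK = 64  # tiny block size so the sample image stays readable


@dataclass
class ToyDisk:
    """Minimal file-system model: a directory table plus fixed-size data blocks.
    Hypothetical structure used only to illustrate deletion vs. erasure."""
    blocks: list = field(default_factory=lambda: [b"\x00" * BLOCK for _ in range(8)])
    directory: dict = field(default_factory=dict)  # file name -> block index

    def write(self, name: str, data: bytes) -> None:
        # Allocate the first block not referenced by the directory.
        idx = next(i for i in range(len(self.blocks)) if i not in self.directory.values())
        self.blocks[idx] = data.ljust(BLOCK, b"\x00")
        self.directory[name] = idx

    def unlink(self, name: str) -> None:
        """What an ordinary 'delete' does: drop the entry, leave the bytes in place."""
        del self.directory[name]

    def erase(self, name: str) -> None:
        """Sanitizing delete: overwrite the data block, then drop the entry."""
        self.blocks[self.directory.pop(name)] = b"\x00" * BLOCK

    def raw_image(self) -> bytes:
        """The byte string a forensic tool would read from the device."""
        return b"".join(self.blocks)


# Identifier patterns a carver looks for; constructed, deliberately simple.
PATTERNS = {
    "email": re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ssn": re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"),
}


def carve_identifiers(image: bytes):
    """Scan the whole image, allocated or not, and report (kind, offset, value)."""
    hits = []
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(image):
            hits.append((kind, match.start(), match.group().decode()))
    return sorted(hits, key=lambda h: h[1])


# Constructed sample message; the values are made up for the example.
SAMPLE_MAIL = b"From: alice@example.com\nSSN: 123-45-6789\n"


def residue_after(delete_method: str):
    """Write the sample file, delete it with the given method, then carve the image."""
    disk = ToyDisk()
    disk.write("mail.txt", SAMPLE_MAIL)
    getattr(disk, delete_method)("mail.txt")
    assert "mail.txt" not in disk.directory  # the file system no longer lists it
    return carve_identifiers(disk.raw_image())


if __name__ == "__main__":
    print("after unlink:", residue_after("unlink"))  # identifiers still recoverable
    print("after erase: ", residue_after("erase"))   # nothing left to carve
```

The same carver works as a sanitization check: run it over the image of a drive after the wiping procedure and require an empty result before the drive is resold or recycled.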
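Key Continuity Management, mentioned under Secure Email above, replaces the question "is this key certified by an authority?" with the question a mail client can answer on its own: "is this the same key this correspondent used before?" The first signed message from an address is trusted and its key recorded; later messages are compared against that record, and a changed key or a suddenly unsigned message from a previously signing correspondent is what the user is warned about. The following is an added example, not code from the project or from any mail client; it assumes the client has already verified that each signature is valid for the key attached to the message, and only models the continuity decision. The address and key bytes are constructed.

```python
import hashlib
from enum import Enum
from typing import Optional


class Verdict(Enum):
    """Outcomes a KCM-style client would surface to the user."""
    NEW_SENDER = "first signed message from this sender; key recorded"
    KNOWN_KEY = "signed with the same key seen before"
    KEY_CHANGED = "signed with a different key than previously seen"
    UNSIGNED_KNOWN = "unsigned, but this sender has signed before"
    UNSIGNED_UNKNOWN = "unsigned, and this sender has never signed"


def fingerprint(pubkey: bytes) -> str:
    """Stable identifier for a key; SHA-256 over the raw key bytes (assumption)."""
    return hashlib.sha256(pubkey).hexdigest()


class KeyContinuityStore:
    """Per-user store mapping sender address -> fingerprint of the first key seen.
    Hypothetical design; a real client would persist this across sessions."""

    def __init__(self) -> None:
        self._seen: dict = {}

    def evaluate(self, sender: str, pubkey: Optional[bytes]) -> Verdict:
        prior = self._seen.get(sender)
        if pubkey is None:
            # Signature verification is assumed done elsewhere; here only the
            # presence of a key matters for the continuity decision.
            return Verdict.UNSIGNED_KNOWN if prior else Verdict.UNSIGNED_UNKNOWN
        fp = fingerprint(pubkey)
        if prior is None:
            self._seen[sender] = fp  # trust on first use
            return Verdict.NEW_SENDER
        # Never silently replace a recorded key: a mismatch is reported, not stored.
        return Verdict.KNOWN_KEY if fp == prior else Verdict.KEY_CHANGED

    def accept_new_key(self, sender: str, pubkey: bytes) -> None:
        """Explicit user decision after a KEY_CHANGED warning (e.g. confirmed out of band)."""
        self._seen[sender] = fingerprint(pubkey)


def run_scenario():
    """Walk one correspondent through the states; returns the verdict sequence."""
    store = KeyContinuityStore()
    bob = "bob@example.com"  # constructed address
    return [
        store.evaluate(bob, b"constructed-key-A"),   # NEW_SENDER
        store.evaluate(bob, b"constructed-key-A"),   # KNOWN_KEY
        store.evaluate(bob, b"constructed-key-B"),   # KEY_CHANGED (warn, do not record)
        store.evaluate(bob, b"constructed-key-A"),   # KNOWN_KEY (original still on file)
        store.evaluate(bob, None),                   # UNSIGNED_KNOWN
        store.evaluate("carol@example.com", None),   # UNSIGNED_UNKNOWN
    ]


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict.name, "-", verdict.value)
```

The design choice worth noting is that a key mismatch never updates the store by itself; only `accept_new_key`, which represents a deliberate user action, does. That keeps a single spoofed message from quietly becoming the new baseline.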

A current project is the evaluation of policies that have assisted the deployment of software that accommodates those with disabilities, as exemplified by the FCC's Section 503 regulation, and exploring whether or not these policies could be used to assist in the deployment of usable security technology.

Much of the work in this abstract is being performed as part of Garfinkel's Ph.D. dissertation and Erik Nordlander's master's thesis, which are both expected to be completed in May 2005.

References:

[1] S. Dusse, P. Hoffman, B. Ramsdell, L. Lundblade, and L. Repka. RFC 2311: S/MIME version 2 message specification, March 1998. Status: INFORMATIONAL.

[2] M. Elkins. RFC 2015: MIME security with pretty good privacy (PGP), October 1996. Status: PROPOSED STANDARD.

[3] Simson Garfinkel and Abhi Shelat. Remembrance of data passed. IEEE Security and Privacy, January/February 2002.

[4] Simson L. Garfinkel. Adopting fair information practices to low cost RFID systems. Gotenborg, Sweden, September 2002.

[5] Simson L. Garfinkel. An RFID bill of rights. Technology Review, October 2002.

[6] Simson L. Garfinkel. Enabling email confidentiality through the use of opportunistic encryption, presented at the 2003 national conference on digital government research. Boston, MA, May 2003.

[7] Simson L. Garfinkel, Jeffrey I. Schiller, Erik Nordlander, David Margrave, and Robert C. Miller. Views, reactions, and impact of digitally-signed mail in e-commerce. Financial Cryptography and Data Security, 2005.

[8] Simson L. Garfinkel, Erik Nordlander, Robert C. Miller, David Margrave, and Jeffrey I. Schiller. How to make secure email easier to use. CHI 2005.


Computer Science and Artificial Intelligence Laboratory (CSAIL)
The Stata Center, Building 32 - 32 Vassar Street - Cambridge, MA 02139 - USA
tel:+1-617-253-0073 - publications@csail.mit.edu
(Note: On July 1, 2003, the AI Lab and LCS merged to form CSAIL.)