CSAIL Research Abstracts - 2005 link to http://publications.csail.mit.edu/abstracts/abstracts05/index.html link to http://www.csail.mit.edu
bullet Introduction bullet Architecture, Systems
& Networks
bullet Language, Learning,
Vision & Graphics
bullet Physical, Biological
& Social Systems
bullet Theory bullet

horizontal line

Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express

Simson L. Garfinkel & Robert C. Miller

Secure email has struggled with significant obstacles to adoption, among them the low usability of encryption software and the cost and overhead of obtaining public key certificates. Key continuity management (KCM) has been proposed as a way to lower these barriers to adoption, by making key generation, key management, and message signing essentially automatic. We present the first user study of KCM-secured email, conducted on naive users who had no previous experience with secure email. Our secure email prototype, CoPilot, color-codes messages depending on whether they were signed and whether the signer was previously known or unknown. We find that this interface makes users significantly less susceptible to social engineering attacks overall, but new-identity attacks (from email addresses never seen before) are still effective. Also, naive users do use the Sign and Encrypt button on the Outlook Express toolbar when the situation seems to warrant it, even without explicit instruction, although some falsely hoped that Encrypt would protect a secret message even when sent directly to an attacker. We conclude that KCM is a workable model for improving email security today, but more work is needed to alert users to certain attacks.

Introduction

After more than 20 years of research, cryptographically protected email is still a rarity on the Internet today. Usability failings are commonly blamed for the current state of affairs: programs like PGP and GPG must be specially obtained, installed, and are generally considered hard to use. And while support for the S/MIME mail encryption standard is widely available, procedures for obtaining S/MIME certificates are onerous because of the necessity of verifying one's identity to a Certification Authority.

Key Continuity Management (KCM)[1] has been proposed as a way around this conundrum. Under this model, individuals would create their own, uncertified S/MIME certificates, use these certificates to sign their outgoing mail, and attach those certificates to outgoing messages. Correspondents who wish to send mail that is sealed with encryption are able to do so because they posses the sender's certificate. Mail clients (e.g. Outlook Express, Eudora) alert users when a correspondent's certificate changes.

We conducted a user test of KCM with 43 email users who had no previous experience or knowledge of cryptography and email security. Using a scenario similar to that of Whitten and Tygar's Why Johnny Can't Encrypt[2] study, we show that \naive subjects generally understand the gist of digitally signed mail, and further understand that a changed key represents a potential attack. However, such subjects are less equipped to handle the circumstances when a new email address is simultaneously presented with a new digital certificate.

We conclude that KCM is a workable model that can be used today to improve email security for \naive users, but that work is needed to develop effective interfaces to alert those users to a particular subset of attacks.

References:

[1] Gutman, Why isn't the Internet Secure Yet, Dammit, AusCERT Asia Pacific Information Technology Security Conference 2004; Computer Security: Are we there yet?, http://www.cs.auckland.ac.nz/~pgut001/pubs/dammit.pdf

[2] Alma Whitten and J. D. Tygar. Why Johnny Can't Encrypt, 8th Usenix Security Symposium, 1999

horizontal line

MIT logo Computer Science and Artificial Intelligence Laboratory (CSAIL)
The Stata Center, Building 32 - 32 Vassar Street - Cambridge, MA 02139 - USA
tel:+1-617-253-0073 - publications@csail.mit.edu
(Note: On July 1, 2003, the AI Lab and LCS merged to form CSAIL.)