Research Abstracts - 2006
Promoting Secure Email

Simson L. Garfinkel & Robert C. Miller

Secure email has struggled with significant obstacles to adoption, among them the low usability of encryption software and the cost and overhead of obtaining public key certificates. We are investigating approaches for increasing the adoption of technology for securing email.

Introduction

After more than 20 years of research, cryptographically protected email is still a rarity on the Internet today. Usability failings are commonly blamed for the current state of affairs: programs like PGP and GPG must be specially obtained and installed, and are generally considered hard to use. And while support for the S/MIME mail encryption standard is widely available, procedures for obtaining S/MIME certificates are onerous because of the necessity of verifying one's identity to a Certification Authority.

Whereas most work to date on mail security has focused on promoting the use of encryption, we believe that the key to promoting the use of secure email is to promote the use of mail that is digitally signed. To this end we have surveyed 400 Amazon.com merchants who have received signed email from the company to determine their views and experiences with the receipt of signed mail [1][2]. We have also conducted a study of Key Continuity Management (KCM) [3], a new model for certifying public keys without the need to use Public Key Infrastructure.

Presently we are looking to expand this work by partnering with a major financial institution to send digitally signed "do-not-reply" mail to their customers as part of a larger trial of S/MIME technology.

References:

[1] S. Garfinkel, J. Schiller, E. Nordlander, D. Margrave, and R. Miller. "How To Make Secure Email Easier To Use", CHI 2005: Technology, Safety, Community, Portland, Oregon, April 2-7, 2005.

[2] S. Garfinkel, J. Schiller, E. Nordlander, D. Margrave, and R. Miller. "Views, Reactions and Impact of Digitally-Signed Mail in e-Commerce", Financial Cryptography and Data Security Ninth International Conference, February 28-March 3, 2005, Roseau, The Commonwealth of Dominica.

[3] S. Garfinkel and R. Miller. "Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express", presented at the Symposium on Usable Privacy and Security (SOUPS 2005), July 6-8, 2005, Pittsburgh, PA.