Confidante: Usable Encrypted Email: A Case Study with Lawyers and Journalists

Ada Lerner, Eric Zeng, Franziska Roesner

Published in: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), 2017-04-01
DOI: 10.1109/EUROSP.2017.41 (https://doi.org/10.1109/EUROSP.2017.41)
Citations: 45

Abstract

Email encryption tools remain underused, even by people who frequently conduct sensitive business over email, such as lawyers and journalists. Usable encrypted email has remained out of reach largely because key management and verification remain difficult. However, key management has evolved in the age of social media: Keybase is a service that allows users to cryptographically link public keys to their social media accounts (e.g., Twitter), enabling key trust without out-of-band communication. We design and prototype Confidante, an encrypted email client that uses Keybase for automatic key management. We conduct a user study with 15 people (8 U.S. lawyers and 7 U.S. journalists) to evaluate Confidante's design decisions. We find that users complete an encrypted email task more quickly and with fewer errors using Confidante than with an existing email encryption tool, and that many users report finding Confidante comparable to using ordinary email. However, we also find that lawyers and journalists have diverse operational constraints and threat models, and thus that there may not be a one-size-fits-all solution to usable encrypted email. We reflect on our findings—both specifically about Confidante and more generally about the needs and constraints of lawyers and journalists—to identify lessons and remaining security and usability challenges for encrypted email.