Managing Access to Confidential Documents: A Case Study of an Email Security Tool

Future Internet. Pub Date: 2023-10-28. DOI: 10.3390/fi15110356
Impact factor: 2.8; JCR Q2 (Computer Science, Information Systems)
Elham Al Qahtani, Yousra Javed, Sarah Tabassum, Lipsarani Sahoo, Mohamed Shehab

Abstract

User adoption and usage of end-to-end encryption tools is an ongoing research topic. A subset of such tools allows users to encrypt confidential emails, as well as manage their access control using features such as the expiration time, disabling forwarding, persistent protection, and watermarking. Previous studies have suggested that protective attitudes and behaviors could improve the adoption of new security technologies. Therefore, we conducted a user study on 19 participants to understand their perceptions of an email security tool and how they use it to manage access control to confidential information such as medical, tax, and employee information if sent via email. Our results showed that the participants’ first impression upon receiving an end-to-end encrypted email was that it looked suspicious, especially when received from an unknown person. After the participants were informed about the importance of the investigated tool, they were comfortable sharing medical, tax, and employee information via this tool. Regarding access control management of the three types of confidential information, the expiration time and disabling forwarding were most useful for the participants in preventing unauthorized and continued access. While the participants did not understand how the persistent protection feature worked, many still chose to use it, assuming it provided some extra layer of protection to confidential information and prevented unauthorized access. Watermarking was the least useful feature for the participants, as many were unsure of its usage. Our participants were concerned about data leaks from recipients’ devices if they set a longer expiration date, such as a year. We provide the practical implications of our findings.
Source journal: Future Internet (Computer Science: Computer Networks and Communications)
CiteScore: 7.10
Self-citation rate: 5.90%
Articles published: 303
Review time: 11 weeks
About the journal: Future Internet is a scholarly open access journal which provides an advanced forum for science and research concerned with evolution of Internet technologies and related smart systems for “Net-Living” development. The general reference subject is therefore the evolution towards the future internet ecosystem, which is feeding a continuous, intensive, artificial transformation of the lived environment, for a widespread and significant improvement of well-being in all spheres of human life (private, public, professional). Included topics are: • advanced communications network infrastructures • evolution of internet basic services • internet of things • netted peripheral sensors • industrial internet • centralized and distributed data centers • embedded computing • cloud computing • software defined network functions and network virtualization • cloud-let and fog-computing • big data, open data and analytical tools • cyber-physical systems • network and distributed operating systems • web services • semantic structures and related software tools • artificial and augmented intelligence • augmented reality • system interoperability and flexible service composition • smart mission-critical system architectures • smart terminals and applications • pro-sumer tools for application design and development • cyber security compliance • privacy compliance • reliability compliance • dependability compliance • accountability compliance • trust compliance • technical quality of basic services.