Presentation on theme: "Easy PGP Rick Carback, Emily Fetchko, Bryan Pass University of Maryland, Baltimore County 11-30-2005."— Presentation transcript:
Easy PGP Rick Carback, Emily Fetchko, Bryan Pass University of Maryland, Baltimore County
Easy PGP More users were: Able to complete given tasks correctly Willing to use our extension in the future Inability to make dangerous errors
Overview Motivation New and Significant Related Work Making Easy PGP Survey Survey Results Issues Tradeoffs and Limitations Easy PGP Vision/Future Work Conclusions
Motivation Keys are hard to create and manage Average user Unlikely to understand purpose of keys May not make appropriate decisions not People do not like following directions “Blinking 12:00” “Terms and Conditions” Rebates & Product Registration
Encryption is a pain to get working!
Should it really be this hard? Put yourself in a User’s shoes… What is a Digital ID? Shouldn’t I have one through hotmail or msn already? Why does my recipient need one? Software was current (all patches applied) Shouldn’t they have fixed this if people actually used it? How many people regularly use encryption? Only 3 (of 20), ever, in our study 1 continues to use it Clearly it is too much hassle for its benefits!
New and Significant “ Encryption your grandma can use!” Idea of encryption as a web service “Will people use this?” Vs. “How well can people use this?” Secure, seamless key generation and management system Completely transparent to user
Related Work - Lessons Learned Private Keys Aren’t User’s typically copy them whenever and wherever needed Especially if paid for Options for insecurity Left as an exercise for the user Random Data?
Related Work - Why Johnny Can’t Encrypt Tested PGP 5.0 Considered the best UI out there 1 of 12 used it correctly Most would not use it on their own. Definition: Usable Security Software Required tasks are known Tasks can be done No dangerous errors Continued use
Related Work - Johnny 2 Key management BIG problem in usability Simulated Key Continuity Management running a test similar to Johnny Better task comprehension Uncovered trust issues Did Not: Say if users would use it Have a working prototype
Related Work - Verisign Provides Keys Need to follow directions Key server Requires user to point to it Local key management still a pain to set up and use What about keys that are not from Verisign? User is still unlikely to understand the purpose of keys We do not think they need to know
Related Work - STU III “Push Button Security” for Phone Exactly what we want for We envision extending Easy PGP Interoperability with existing key servers Web service so users can set their options and send from anywhere
Related Work - Enigmail PGP Extension for Thunderbird (aka Sunbird/Firebird, based off of Mozilla/Netscape Communicator) Front-end for GPG Used as base for and tested against Easy PGP
Problems with Enigmail Encourages bad decisions Too many options Why can’t We use our password by default? A key be generated in the background? With most secure options chosen by default
Making Easy PGP Extension Communicates with PHP script Script is an interface to GPG (OpenPGP) Just like Enigmail Keys stored at server Encryption happens at server
Survey Results (cont.) Avg Time to Complete (minutes): Enigmail: 11.9, = EasyPGP: 3.5, =.806 Continued Use: Enigmail: 2.7, =.781 EasyPGP: 3.6, =.663
Issues Is https secure enough? Keys are no longer private if http server compromised Only message contents in transit affected if SSL is vulnerable Will it scale? Inter-server communication Trust issues are more prevalent here No user verification, yet
Tradeoffs and Limitations Must unconditionally trust server User choice is limited to what we choose Service depends on network connectivity DoS Centralization makes encryption server a target Security and Integrity of system must be maintained Account hijacking
Easy PGP Vision/Future Work Web Service Spread by users “Want to read this message? Click here!” “Invite a friend!” Funded by Advertisement (Google, Yahoo, Hotmail, etc). More options for advanced users Preferred algorithm, multiple key levels, etc. Trust levels Identity Verification User as untrusted until identity can be verified in some way Post card to listed address Public Records Lookup Could be a “premium service”
Conclusions All encryption can be made easier Not just PGP Interface is not the issue Setup and maintenance are! Security as a Web Service
References Lessons Learned in Implementing and Deploying Crypto Software, Peter Gutmann, USENIX Security ‘02 Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0, A. Whitten and J. D. Tygar Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express, S. Garfinkel and R. Miller