
Usable Encryption
The need for users to be able to encrypt their online communication and data has never been clearer. This need is driven in part by widespread surveillance of Internet traffic by governments. Furthermore, an ever-increasing amount of data is stored in the cloud and actively mined by cloud service providers. We believe it is imperative that users be able to take control of their online data, deciding when and by whom it can be accessed.
Recently there has been significant research and development into secure messaging1, with several secure chat applications being broadly adopted. While such deployments are promising, they still fail to reach the goal of ubiquitous usable encryption for the masses2. First, unlike email, secure communication using these tools is only possible between users of the same tools. Second, they lack many features users expect in communication tools—e.g., archival, search, spam filtering. Finally, there security is often locked behind options and ceremonies that will only be correctly understood and executed by security experts (if even then).
In our research group, we seek to push forward the frontiers of usable encryption. This includes designing new secure communication tools for email and chat settings, that better meet the needs of real-world users. We also are investigating how to bring content-based encryption to a variety of web applications to allow users and business to use these applications without relinquishing control of their data.
-
Unger et al. 2015. SoK: Secure Messaging. In Proceedings of the 36th IEEE Symposium on Security and Privacy. IEEE. ↩
-
Clark et al. 2019. SoK: securing email—a stakeholder-based analysis. In arXiv, arXiv:1804.07706. ↩