Usable Encryption

Users are constantly sharing vast amounts of information over digital channels, with much of this information being sensitive.1,2 However, existing communication systems have insufficient security and privacy protections,3,4 enabling widespread surveillance of Internet traffic by governments and data mining by cloud service providers. As such, there is a critical need for systems that enable users to take control of their online data, deciding when and by whom it can be accessed. While the cryptographic primitives necessary to secure online communication and data storage are well known3,4 the key challenge lies in designing systems that are sufficiently usable to ensure secure and correct usage by non-expert users.5

In our research, we have conducted large-scale surveys and interviews of email6 and group chat2,7 users to understand their requirements for secure online communication. we have also conducted technical and usability evaluations of the security and usability primitives found in modern secure messaging tools~\cite{ruoti2016were,ruoti2019usability,clark2021sok}.4,8,9 To address identified issues, we created and evaluated various design patterns to improve usability and real-world security. These design principles include seamless integration of secure email systems within existing communication tools,10,11 inline, guided tutorials,12 delayed encryption,12 and manual encryption.11,12 We also conducted the first A/B study comparing the usability of key management schemes13 (identity-based encryption, PGP, and shared passwords) and measured the usability of secure email based on short-lived secrets.14 This research resulted in the first secure email system shown to be usable by non-expert users, with user testing demonstrating that it had better usability and security outcomes than any other research or enterprise systems.8,911. Our system also generalizes to secure other forms of online communication and cloud storage.13

With this significant progress, our attention has now turned to the knowledge gap regarding usable key management. While our work has demonstrated how to help users manage a single key over a short time, it remains unclear how key management systems designs can (i) help users manage a large number of keys (ii) over a long time and (iii) without a centralized key management service. Such knowledge is needed to enable the real-world deployment of advanced cryptographic schemes that rely on users to manage a large number of keys over their lifetimes. As the first step in this direction, we are investigating how businesses using S/MIME to encrypt their email can enable cross-organization key discovery. We also plan to investigate challenges users face during key synchronization and recovery, then create and quantify the ability of system designs to address these challenges. This research plan is creative and original in that it breaks from the status quo of considering only short-term and centralized key management, instead considering the need for long-term management of keys in a decentralized environment.

  1. Ruoti et al. 2017. Weighing context and tradeoffs: how suburban adults selected their online security posture. In Proceedings of the 13th Symposium on Usable Privacy and Security. USENIX. 

  2. Oesch et al. 2020. Understanding user perceptions of security and privacy for group chat: a survey of users in the US and UK. In Proceedings of the 36th Annual Computer Security Applications Conference. ACM.  2

  3. Unger et al. 2015. SoK: Secure Messaging. In Proceedings of the 36th IEEE Symposium on Security and Privacy. IEEE.  2

  4. Clark et al. 2021. SoK: securing email—a stakeholder-based analysis. In Proceedings of the 25th International Conference on Financial Cryptography and Data Security. Springer.  2 3

  5. Ruoti and Seamons. 2019. Johnny’s journey toward usable secure email. In IEEE Security & Privacy, Vol. 17, No. 6, pages 72–76, November/December 2019. IEEE. 

  6. Ruoti et al. 2017. Weighing context and tradeoffs: how suburban adults selected their online security posture. In Proceedings of the 13th Symposium on Usable Privacy and Security. USENIX. 

  7. Oesch et al. 2021. User perceptions of security and privacy for group chat. In ACM Digital Threats: Research and Practice. ACM. 

  8. Ruoti et al. 2016. “We’re on the same page”: a usability study of secure email using pairs of novice users. In Proceedings of the 34th ACM Conference on Human Factors in Computing Systems. ACM.  2

  9. Ruoti et al. 2019. A usability study of four secure email tools using paired participants. In ACM Transactions on Privacy and Security, Vol. 22, No. 2, pages 22–29. ACM.  2

  10. Robison et al. 2012. Private facebook chat. In Proceedings of the 2012 International Conference on Privacy, Security, Risk, and Trust and 2012 International Conference on Social Computing. IEEE. 

  11. Ruoti et al. 2013. Confused Johnny: when automatic encryption leads to confusion and mistakes. In Proceedings of the 9th Symposium on Usable Privacy and Security. ACM.  2 3

  12. Ruoti et al. 2016. Private webmail 2.0: simple and easy-to-use secure email. In Proceedings of the 29th ACM Symposium on User Interface Software and Technology. ACM.  2 3

  13. Ruoti et al. 2018. A comparative usability study of key management in secure email. In Proceedings of the 14th Symposium on Usable Privacy and Security. USENIX.  2

  14. Monson et al. 2018. A usability study of secure email deletion. In Proceedings of the 3rd European Workshop on Usable Security. Internet Society. 


Publications

Journals and Magazines

Abstract: Secure messaging tools are an integral part of modern society. To understand users' security and privacy perceptions and requirements for secure group chat, we surveyed 996 respondents in the US and UK. Our results show that group chat presents important security and privacy challenges, some of which are not present in one-to-one chat, such as establishing trust for new group members and filtering shared content. Similarly, we find that the sheer volume of notifications that occur in group chat makes it highly likely that users will ignore important security or privacy notifications. We also find that respondents lack mechanisms for determining which tools are secure and instead rely on non-technical strategies for protecting their privacy---for example, self-filtering and carefully tracking group membership.

Next, we conduct cognitive walkthroughs (a form of expert review) for five popular group chat tools, demonstrating that these tools fail to meet many of the needs identified in our survey. As such, there is a need for improved group chat tools that better align with user perceptions and requirements. Based on these findings, we provide recommendations on improving the security and usability of secure group chat.
Abstract: Since the publication of Why Johnny Can't Encrypt there has been interest in creating usable, secure email that is adoptable by the general public. In this article, we summarize research from the usable-security community on this topic, identify open problems, and call for more research on usable key management.
Abstract: Secure email is increasingly being touted as usable by novice users, with a push for adoption based on recent concerns about government surveillance. To determine whether secure email is ready for grassroots adoption, we employ a laboratory user study that recruits pairs of novice users to install and use several of the latest systems to exchange secure messages. We present both quantitative and qualitative results from 28 pairs of novices as they use Private WebMail (Pwm), Tutanota, and Virtru and 10 pairs of novices as they use Mailvelope. Participants report being more at ease with this type of study and better able to cope with mistakes since both participants are “on the same page.” We find that users prefer integrated solutions over depot-based solutions and that tutorials are important in helping first-time users. Finally, our results demonstrate that Pretty Good Privacy using manual key management is still unusable for novice users, with 9 of 10 participant pairs failing to complete the study.

Conferences

Abstract: While email is the most ubiquitous and interoperable form of online communication today, it was not conceived with strong security guarantees, and the ensuing security enhancements are, by contrast, lacking in both ubiquity and interoperability. This situation motivates our research. We begin by identifying a variety of stakeholders who have an interest in the current email system and in efforts to provide secure solutions. We then use the tussle among stakeholders to explain the evolution of fragmented secure email solutions undertaken by industry, academia, and independent developers. We conclude with a fresh look at the state of secure email and discuss open problems in the area. An extended version of our paper includes an evaluation framework for proposed or deployed secure email systems and identify how well they meet properties related to security, utility, deployability, and usability.
Abstract: Secure messaging tools are an integral part of modern society. While there is a significant body of secure messaging research generally, there is a lack of information regarding users' security and privacy perceptions and requirements for secure group chat. To address this gap, we conducted a survey of 996 participants in the US and UK. The results of our study show that group chat presents important security and privacy challenges, some of which are not present in one-to-one chat. For example, users need to be able to manage and monitor group membership, establish trust for new group members, and filter content that they share in different chat contexts. Similarly, we find that the sheer volume of notifications that occur in group chat makes it extremely likely that users ignore important security- or privacy- notifications. We also find that participants lack mechanisms for determining which tools are secure and instead rely on non-technical strategies for protecting their privacy—for example, self-filtering what they post and carefully tracking group membership. Based on these findings we provide recommendations on how to improve the security and usability of secure group chat.
Abstract: We conducted a user study that compares three secure email tools that share a common user interface and differ only by key management scheme: passwords, public key directory (PKD), and identity-based encryption (IBE). Our work is the first comparative (i.e., A/B) usability evaluation of three different key management schemes and utilizes a standard quantitative metric for cross-system comparisons. We also share qualitative feedback from participants that provides valuable insights into user attitudes regarding each key management approach and secure email generally. The study serves as a model for future secure email research with A/B studies, standard metrics, and the two-person study methodology.
Abstract: Understanding how people behave when faced with complex security situations is essential to designing usable security tools. To better understand users' perceptions of their digital lives and how they managed their online security posture, we conducted a series of 23 semi-structured interviews with mostly middle-aged parents from suburban Washington state. Using a grounded theory methodology, we analyzed the interview data and found that participants chose their security posture based on the immense value the Internet provides and their belief that no combination of technology could make them perfectly safe. Within this context, users have a four-stage process for determining which security measures to adopt: learning, evaluation of risks, estimation of impact, and weighing trade-offs to various coping strategies. Our results also revealed that a majority of participants understand the basic principles of symmetric encryption. We found that participants' misconceptions related to browser-based TLS indicators lead to insecure behavior, and it is the permanence of encrypted email that causes participants to doubt that it is secure. We conclude with a discussion of possible responses to this research and avenues for future research.
Abstract: Private Webmail 2.0 (Pwm 2.0) improves upon the current state of the art by increasing the usability and practical security of secure email for ordinary users. More users are able to send and receive encrypted emails without mistakenly revealing sensitive information. In this paper we describe four user interface traits that positively affect the usability and security of Pwm 2.0. In a user study involving 51 participants we validate that these interface modifications result in high usability, few mistakes, and a strong understanding of the protection provided to secure email messages. We also show that the use of manual encryption has no effect on usability or security.
Abstract: Many critical communications now take place digitally, but recent revelations demonstrate that these communications can often be intercepted. To achieve true message privacy, users need end-to-end message encryption, in which the communications service provider is not able to decrypt the content. Historically, end-to-end encryption has proven extremely difficult for people to use correctly, but recently tools like Apple's iMessage and Google's End-to-End have made it more broadly accessible by using key-directory services. These tools (and others like them) sacrifice some security properties for convenience, which alarms some security experts, but little is known about how average users evaluate these tradeoffs. In a 52-person interview study, we asked participants to complete encryption tasks using both a traditional key-exchange model and a key-directory-based registration model. We also described the security properties of each (varying the order of presentation) and asked participants for their opinions. We found that participants understood the two models well and made coherent assessments about when different tradeoffs might be appropriate. Our participants recognized that the less-convenient exchange model was more secure overall, but found the security of the registration model to be “good enough” for many everyday purposes.
Abstract: This paper reports the results of a survey of 1,976 individuals regarding their opinions on TLS inspection, a controversial technique that can be used for both benevolent and malicious purposes. Responses indicate that participants hold nuanced opinions on security and privacy trade-offs, with most recognizing legitimate uses for the practice, but also concerned about threats from hackers or government surveillance. There is strong support for notification and consent when a system is intercepting their encrypted traffic, although this support varies depending on the situation. A significant concern about malicious uses of TLS inspection is identity theft, and many would react negatively and some would change their behavior if they discovered inspection occurring without their knowledge. We also find that a small but significant number of participants are jaded by the current state of affairs and have lost any expectation of privacy.
Abstract: Secure email is increasingly being touted as usable by novice users, with a push for adoption based on recent concerns about government surveillance. To determine whether secure email is ready for grassroots adoption, we employ a laboratory user study that recruits pairs of novice users to install and use several of the latest systems to exchange secure messages. We present both quantitative and qualitative results from 25 pairs of novice users as they use Pwm, Tutanota, and Virtru. Participants report being more at ease with this type of study and better able to cope with mistakes since both participants are "on the same page". We find that users prefer integrated solutions over depot-based solutions, and that tutorials are important in helping first-time users. Hiding the details of how a secure email system provides security can lead to a lack of trust in the system. Participants expressed a desire to use secure email, but few wanted to use it regularly and most were unsure of when they might use it.
Abstract: A common approach to designing usable security is to hide as many security details as possible from the user to reduce the amount of information and actions a user must encounter. This paper gives an overview of Pwm (Private Webmail), our secure webmail system that uses security overlays to integrate tightly with existing webmail services like Gmail. Pwm's security is mostly transparent, including automatic key management and automatic encryption. We describe a series of Pwm user studies indicating that while nearly all users can use the system without any prior training, the security details are so transparent that a small percentage of users mistakenly sent out unencrypted messages and some users are unsure whether they should trust Pwm. We then conducted user studies with an alternative prototype to Pwm that uses manual encryption. Surprisingly users were accepting of the extra steps of cutting and pasting ciphertext themselves. They avoided mistakes and had more trust in the system with manual encryption. Our results suggest that designers may want to reconsider manual encryption as a way to reduce transparency and foster greater trust.
Abstract: The number of instant messages sent per year now exceeds that of email. Recently users have been moving away from traditional instant messaging applications and instead using social networks as their primary communications platform. To discover attitudes related to instant messaging and its security, we have conducted a user survey. This paper also presents the design of PFC (Private Facebook Chat), a system providing convenient, secure instant messaging within Facebook Chat. PFC offers end-to-end encryption in order to thwart any eavesdropper, including Facebook itself. Finally, we have conducted a usability study of a PFC prototype.

Workshops

Abstract: Messaging applications like SnapChat illustrate that users are concerned about the permanence of information. We find that this concern extends to email. In this paper we present a usability study of an end-to-end secure email tool with the option to securely delete messages. This tool uses ephemeral keys, one per message thread, and default expiration times, with a user prompt to renew or delete keys. Deleting keys causes the messages in the thread to be unreadable for that user. We compare the usability of this tool to a nearly identical tool that uses long term keys and lacks a feature to expire keys. We also interview participants about their email use patterns and attitudes towards information permanence. We find that participants are especially interested in the ability to control the lifetime of an email message. Participants also report trusting the tool that allowed them to make their email messages ephemeral more than the tool that just encrypted their email.
Abstract: The World Wide Web has become the most common platform for building applications and delivering content. Yet despite years of research, the web continues to face severe security challenges related to data integrity and confidentiality. Rather than continuing the exploit-and-patch cycle, we propose addressing these challenges at an architectural level, by supplementing the web's existing connection-based and server-based security models with a new approach: content-based security. With this approach, content is directly signed and encrypted at rest, enabling it to be delivered via any path and then validated by the browser. We explore how this new architectural approach can be applied to the web and analyze its security benefits. We then discuss a broad research agenda to realize this vision and the challenges that must be overcome.