NDLI: Johnny 2: a user test of key continuity management with s/mime and outlook express (2005).

Please wait, while we are loading the content...

Johnny 2: a user test of key continuity management with s/mime and outlook express (2005).

Content Provider	CiteSeerX
Author	Garfinkel, Simson L. Miller, Robert C.
Abstract	Secure email has struggled with signifcant obstacles to adoption, among them the low usability of encryption software and the cost and overhead of obtaining pub-lic key certificates. Key continuity management (KCM) has been proposed as a way to lower these barriers to adoption, by making key generation, key management, and message signing essentially automatic. We present the first user study of KCM-secured email, conducted on naive users who had no previous experience with secure email. Our secure email prototype, CoPilot, color-codes messages depending on whether they were signed and whether the signer was previously known or unknown. We find that this interface makes users significantly less susceptible to social engineering attacks overall, but new-identity attacks (from email addresses never seen before) are still effective. Also, naive users do use the Sign and Encrypt button on the Outlook Express toolbar when the situation seems to warrant it, even without ex-plicit instruction, although some falsely hoped that En-crypt would protect a secret message even when sent di-rectly to an attacker. We conclude that KCM is a work-able model for improving email security today, but more work is needed to alert users to certain attacks. 1
File Format	PDF
Publisher Date	2005-01-01
Access Restriction	Open
Subject Keyword	Key Continuity Management Outlook Express User Test Secure Email Naive User Ex-plicit Instruction First User Study Work-able Model Outlook Express Toolbar Kcm-secured Email Color-codes Message Social Engineering Attack Encrypt Button Email Security Today Secret Message Email Address Low Usability Certain Attack Message Signing Previous Experience Secure Email Prototype Signifcant Obstacle Encryption Software Key Generation New-identity Attack Pub-lic Key Certificate Key Management
Content Type	Text

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in