Panel: Usable Cryptography: Manifest Destiny or Oxymoron?

Download
  1. (PDF, 210 KB)
AuthorSearch for: ; Search for:
TypeBook Chapter
Subjectuser-centered security; cryptography
AbstractOutside of SSL, Notes/Domino, and federal PKIs, PK cryptography hasn't caught on. SSL is hugely successful in providing network protection. But its server authentication feature is currently useless in phishing attacks, and its client authentication is largely unused. A number of user studies indicate that while some subset of users know about and notice "the padlock", few know what it really is, and none use it to protect them from phishing. This panel posits that the points where the cryptographic system meets the user are where its success has been blocked (e.g. key mgmt, password for protecting keys, understanding risk, threat, and assurance). We explore that assumption, and the past, present, and future of usable cryptography.
Publication date
LanguageEnglish
AffiliationNRC Institute for Information Technology; National Research Council Canada
Peer reviewedNo
NRC number50399
NPARC number5764239
Export citationExport as RIS
Report a correctionReport a correction
Record identifier6ce6e2ce-2648-4015-823a-8f411080b5dd
Record created2009-03-29
Record modified2016-05-09
Bookmark and share
  • Share this page with Facebook (Opens in a new window)
  • Share this page with Twitter (Opens in a new window)
  • Share this page with Google+ (Opens in a new window)
  • Share this page with Delicious (Opens in a new window)