“We’re on the Same Page”: A Usability Study of Secure Email Using Pairs of Novice Users Scott Ruoti, Jeff Andersen, Scott Heidbrink, Mark O'Neill, Elham.

Presentation transcript:

“We’re on the Same Page”: A Usability Study of Secure Email Using Pairs of Novice Users
Scott Ruoti, Jeff Andersen, Scott Heidbrink, Mark O'Neill, Elham Vaziripour, Justin Wu, Daniel Zappala, Kent Seamons
Internet Security Research Lab, Brigham Young University
34th Annual ACM Conference on Human Factors in Computing Systems (CHI ’16)

Security
• Email was built without security
• Security has since been bolted on
• Email is still often insecure
• In transit and at rest

End-to-end Encryption
[Diagram: Alice, Bob, Server, Mallory]

What’s the Hold Up?
• Secure email systems have largely been unusable
• Only viable in corporate settings
• How do we get the masses to adopt secure email?
• We’ve mostly relied on expert-led adoption
• Can email be adopted in a grassroots style?
• No previous study has examined this question

Methodology
• Brought in pairs of novice participants
• Friends
• Johnny emailed Jane asking for help with his taxes
• Johnny was told to encrypt his email and given the URL for a secure email system
• Jane was told to wait for an email from Johnny
• Johnny and Jane had to collaboratively set up and use secure email

Pwm
• Integrates with Gmail
• Identity-based encryption

Tutanota
• depot
• PGP and password-based encryption

Virtru
• Integrated and depot
• Custom key escrow scheme

Results
• Within subjects
• 25 participant pairs
• 50 total participants
• Quantitative metrics
• Qualitative feedback

System Usability Scale

[Chart: Pwm, Tutanota, Virtru]

Task Completion Time

Mistakes
• No mistakes with Pwm
• One mistake with Virtru
• Many mistakes with Tutanota
• Two-thirds (68%, n=17) sent password through regular email
• Half (48%, n=12) selected easily guessed passwords

Favorite System

Paired-participants
• Two novices
• Struggled using Tutanota’s password-based encryption
• Two perspectives
• Jane strongly preferred Pwm
• More natural behavior
• Relaxed during the study
• Willing to believe other side made mistakes

Quotes “I thought it was good, I dunno, might’ve taken the pressure off too, where it’s like, ‘Okay, he’s figuring this out too’, so I can just, y’know, I don’t have to feel as ‘under-the-microscope’ in the study.”

Quotes “...I was more at ease probably than I would’ve been if it was someone random on the other end...It would’ve felt more mechanical, robotic, whereas I know [her] and I was calling my wife, ‘Hi wife! What’s the password?’ It felt a lot more personable for me I think....”

Quotes “It was good in that you saw the troubles, like the third system [Tutanota], I didn’t even know how it worked, so I ended up sending an email to myself on Gmail so then I could see what was happening on her end, to know like how it works on the other end. So I think it’s good to have two people on each end that don’t know what’s going on, because if it weren’t I’d assume the person on the other side had done it before...”

Other Lessons Learned
• Hiding security details leads to a lack of trust
• Participants prefer integrated secure email
• Integrated tutorials are essential
• Users are interested in secure email

Summary
• Paired participant studies are helpful
• Assesses the usability of grassroots adoption
• Allows for interesting interactions between two novice users
• Leads to more natural participant behavior
• We are getting closer to usable, secure email for the masses

Questions