The Value of User-Visible Internet Cryptography
Phillip J. Brooke, Richard F. Paige
TL;DR
This paper examines the importance, usage, and challenges of user-visible cryptographic mechanisms in various applications, highlighting the need for better integration and understanding for non-expert users.
Contribution
It provides a comprehensive survey of existing and potential cryptographic technologies, analyzing their social and legal contexts to assess their value and usability for end-users.
Findings
User-visible cryptography is underused by non-experts.
Embedding cryptography in user workflows can improve security.
Legal and social factors influence cryptography adoption.
Abstract
Cryptographic mechanisms are used in a wide range of applications, including email clients, web browsers, document and asset management systems, where typical users are not cryptography experts. A number of empirical studies have demonstrated that explicit, user-visible cryptographic mechanisms are not widely used by non-expert users, and as a result arguments have been made that cryptographic mechanisms need to be better hidden or embedded in end-user processes and tools. Other mechanisms, such as HTTPS, have cryptography built-in and only become visible to the user when a dialogue appears due to a (potential) problem. This paper surveys deployed and potential technologies in use, examines the social and legal context of broad classes of users, and from there, assesses the value and issues for those users.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsUser Authentication and Security Systems · Spam and Phishing Detection · Privacy, Security, and Data Protection