Abstract
Outside of SSL, Notes/Domino, and federal PKIs, public-key (PK) cryptography hasn’t caught on. SSL is hugely successful in providing network protection. But its server authentication feature is currently useless against phishing attacks, and its client authentication is largely unused. A number of user studies indicate that while some subset of users know about and notice "the padlock", few know what it really is, and none use it to protect themselves from phishing. This panel posits that the points where the cryptographic system meets the user are where its success has been blocked (e.g., key management, passwords for protecting keys, and understanding risk, threat, and assurance). We explore that assumption, and the past, present, and future of usable cryptography.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Zurko, M.E., Patrick, A.S. (2008). Panel: Usable Cryptography: Manifest Destiny or Oxymoron?. In: Tsudik, G. (eds) Financial Cryptography and Data Security. FC 2008. Lecture Notes in Computer Science, vol 5143. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85230-8_27
DOI: https://doi.org/10.1007/978-3-540-85230-8_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85229-2
Online ISBN: 978-3-540-85230-8
eBook Packages: Computer Science (R0)