Panel: Usable Cryptography: Manifest Destiny or Oxymoron?

  • Conference paper
Financial Cryptography and Data Security (FC 2008)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5143)

Abstract

Outside of SSL, Notes/Domino, and federal PKIs, public-key (PK) cryptography hasn’t caught on. SSL is hugely successful in providing network protection. But its server authentication feature is currently useless in phishing attacks, and its client authentication is largely unused. A number of user studies indicate that while some subset of users know about and notice "the padlock", few know what it really is, and none use it to protect themselves from phishing. This panel posits that the points where the cryptographic system meets the user are where its success has been blocked (e.g., key management, passwords for protecting keys, and understanding risk, threat, and assurance). We explore that assumption, and the past, present, and future of usable cryptography.


Editor information

Gene Tsudik

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zurko, M.E., Patrick, A.S. (2008). Panel: Usable Cryptography: Manifest Destiny or Oxymoron?. In: Tsudik, G. (eds) Financial Cryptography and Data Security. FC 2008. Lecture Notes in Computer Science, vol 5143. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85230-8_27

  • DOI: https://doi.org/10.1007/978-3-540-85230-8_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85229-2

  • Online ISBN: 978-3-540-85230-8

  • eBook Packages: Computer Science, Computer Science (R0)