Usable Secure Webmail for Grassroots Adoption
Kent Seamons - Brigham Young University
Mar 23, 2016Size: 165.2MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractRecent concerns about government surveillance have focused attention on secure communication tools for the masses. The security properties of these tools receive more attention than their usability properties. This talk will cover our recent effort to design a usable secure webmail system. We have conducted a number of studies to analyze existing tools and our own systems to determine whether these tools are usable by the masses to communicate securely.
Most recently, to determine whether secure email is ready for grassroots adoption, we conducted a laboratory user study that recruits pairs of novice users to install and use several of the latest systems to exchange secure messages. We will discuss both quantitative and qualitative results from 25 pairs of novice users as they use Pwm, Tutanota, and Virtru. Participants report being more at ease with this type of study and better able to cope with mistakes since both participants are “on the same page”. We find that users prefer integrated solutions over depot-based solutions, and that tutorials are important in helping first-time users. Hiding the details of how a secure email system provides security can lead to a lack of trust in the system. Participants expressed a desire to use secure email, but few wanted to use it regularly and most were unsure of when they might use it.
About the SpeakerDr. Kent Seamons is the Director of the Internet Security Research Lab in the Computer Science Department at BYU. His research interests are in usable security, privacy, authentication, identity management, and trust management. He received a PhD in Computer Science from Illinois. Prior to joining the faculty at BYU, he conducted research at the IBM Pittsburgh Lab where he was a co-inventor of trust negotiation. He has published over 50 peer-reviewed papers that have been cited over 4,300 times. Dr. Seamons has been awarded nearly $5 million in funding from NSF, DARPA, NASA, and industry. He is also a co-inventor on four patents in the areas of automated trust negotiation, single sign-on, and security overlays.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.