Usability issues with security of electronic mail

DeWitt, Alexander John Anthony George

January 2007

This thesis shows that human factors can have a large and direct impact on security, not only on the user’s satisfaction, but also on the level of security achieved in practice. The usability issues identified are also extended to include mental models and perceptions as well as traditional user interface issues. These findings were accomplished through three studies using various methodologies to best suit their aims. The research community have issued principles to better align security and usability, so it was first necessary to evaluate their effectiveness. The chosen method for achieving this was through a usability study of the most recent software specifically to use these principles. It was found that the goal of being simultaneously usable and secure was not entirely met, partially through problems identified with the software interface, but largely due to the user’s perceptions and actions whilst using the software. This makes it particularly difficult to design usable and secure software without detailed knowledge of the users attitudes and perceptions, especially if we are not to blame the user for security errors as has occurred in the past. Particular focus was given to e-mail security because it is an area in which there is a massive number of vectors for security threats, and in which it is technologically possible to negate most of these threats, yet this is not occurring. Interviews were used to gain in depth information from the user’s point of view. Data was collected from individual e-mail users from the general public, and organisations. It was found that although the literature had identified various problems with the software and process of e-mail encryption, the majority of problems identified in the interviews stemmed once again from user’s perceptions and attitudes. Use of encryption was virtually nil, although the desire to use encryption to protect privacy was strong. Remembering secure passwords was recurrently found to be problematic, so in an effort to propose a specific method of increasing their usability an empirical experiment was used to examine the memorability of passwords. Specially constructed passwords were tested for their ability to improve memorability, and therefore usability. No statistical significance in the construction patterns was found, but a memory phenomenon whereby users tend to forget their password after a specific period of non-use was discovered. The findings are discussed with reference to the fact that they all draw on a theme of responsibility to maintain good security, both from the perspective of the software developer and the end user. The term Personal Liability and General Use Evaluation (PLaGUE) is introduced to highlight the importance of considering these responsibilities and their effect on the use of security.

005.8

GALS system design side channel attack secure cryptographic accelerators

Gürkaynak, Frank Kağan

January 2006

Zugl.: Zürich, Techn. Hochsch., Diss., 2006 / Auch im Internet unter der Adresse http://e-collection.ethbib.ethz.ch/ecol-pool/diss/fulltext/eth16351.pdf verfügbar

The Elgamal Cryptosystem is better than the RSA Cryptosystem for mental poker

Tetikoglu, Ipek.

January 2007

Thesis (M.S.)--Duquesne University, 2007. / Title from document title page. Abstract included in electronic submission form. Includes bibliographical references (p. 43-47).

Observations on the cryptologic properties of the AES algorithm

Song, Beomsik.

January 2004

Thesis (Ph.D.)--University of Wollongong, 2004. / Typescript. Includes bibliographical references: leaf 109-116.

Elliptic curve cryptography: generation and validation of domain parameters in binary Galois Fields /

Wozny, Peter

January 2008

Thesis (M.S.) -- Rochester Institute of Technology, 2008. / Typescript. Includes bibliographical references (leaves 57-60).

Computational algebraic attacks on the Advanced Encryption Standard (AES)

Mantzouris, Panteleimon.

January 2009

Thesis (M.S. in Electrical Engineering and M.S.in Applied Mathematics)--Naval Postgraduate School, September 2009. / Thesis Advisor(s): Canright, David ; Butler, Jon. "September 2009." Description based on title screen as viewed on 5 November 2009. Author(s) subject terms: Advanced Encryption Standard (AES), Rijndael's algorithm, block cipher, decipher, round of the algorithm, sparse multivariate polynomial. Includes bibliographical references (p. 101). Also available in print.

Rijndael Circuit Level Cryptanalysis

Pehlivanoglu, Serdar.

January 2005

Thesis (M.S.) -- Worcester Polytechnic Institute. / Keywords: private-key cryptography; Advanced Encryption Standard; K-secure; hermetic; block cipher; circuit complexity. Includes bibliographical references (p. 75-79).

Genetic algorithms in cryptography /

Delman, Bethany.

January 2003

Thesis (M.S.)--Rochester Institute of Technology, 2004. / Typescript. Includes bibliographical references (leaves 85-87).

Establishing trust in encrypted programs

Xia, Ying Han.

January 2008

Thesis (Ph.D.)--Electrical and Computer Engineering, Georgia Institute of Technology, 2009. / Committee Chair: Owen, Henry; Committee Co-Chair: Abler, Randal; Committee Member: Copeland, John; Committee Member: Giffin, Jon; Committee Member: Hamblen, Jim.

Smart card enabled security services to support secure telemedicine applications

Mutsuddi, Monoreet.

January 2000

Thesis (M.S.)--West Virginia University, 2000. / Title from document title page. Document formatted into pages; contains vi, 70 p. : ill. (some col.). Includes abstract. Includes bibliographical references (p. 70-71).