Anyone who has ever encrypted emails with PGP knows how complicated this process can be. Many people cannot cope with it and therefore do not encrypt their messages. Making encryption easy for laypeople to use is a long-known and still insufficiently solved problem. This seminar introduces students to the research areas that deal with the operational simplicity of security mechanisms. We begin with a historical perspective [1,2], and then turn to principles and methods from the areas of usable security and human-computer interaction.
Of particular importance here is the evaluation of systems in terms of their safety and usability. This is usually done empirically. In terms of applications, we will mainly focus on email encryption and authentication from the perspective of USEC.
No particular previous experience is necessary. Following the seminar, it is possible to write a thesis in this field.
[1] Anderson, Ross. "Why cryptosystems fail." In Proc. ACM Conference on Computer and Communications Security (CCS), pp. 215-227. ACM, 1993.
[2] Whitten, Alma, and J. Doug Tygar. "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0." In Usenix Security, vol. 1999. 1999.
[3] Articles from the proceedings of the conferences CHI, SOUPS, and ACSAC.