Paper Co-Authored by Mazurek to be Presented at Black Hat USA 2016
A paper co-authored by assistant professor of computer science Michelle Mazurek that examines users’ attitudes toward end-to-end encryption will be presented at Black Hat USA 2016.
The annual conference, held this year from July 30 to Aug. 4 in Las Vegas, is considered one of the world’s premier global information security event series, providing attendees with the latest in information security research, development and trends.
“An Inconvenient Trust: User Attitudes toward Security and Usability Tradeoffs for Key-Directory Encryption Systems” takes a unique perspective on end-to-end encryption—considering how people balance sometimes competing values of privacy and convenience, rather than maximizing one at the potential expense of the other.
Typically, encrypting messages requires an exchange of keys and is difficult for the general public to grasp, says Mazurek, who has appointments in the Maryland Cybersecurity Center and the Human-Computer Interaction Lab.
There are services that try to simplify the process by using public directories to store keys, but it introduces some risks, she adds.
“Many companies like Apple, WhatsApp and Google either have incorporated or are currently developing end-to-end encryption systems—affecting millions of users—so understanding these tradeoffs is becoming increasingly important,” Mazurek says.
Mazurek and other researchers conducted a study where 50-plus users were asked to complete encryption tasks using two types of models: a traditional key-exchange model and a key-directory-based registration model.
The research team found that users understood the differences in security levels between the two, and were generally comfortable with using the easier but less secure approach.
Other researchers involved in the project include Doowon Kim, a second-year doctoral student in computer science; Wei Bai, a fourth-year doctoral student in electrical and computer engineering; Moses Namara, who graduated in May with a bachelor of science degree in computer science; Yichen Qian, a junior in computer science; and Patrick Gage Kelley, an assistant professor of computer science at the University of New Mexico.