In Encryption We Don’t Trust: The Effect of End-to-End Encryption to the Masses on User Perception

Dechand, Sergej; Naiakshina, Alena; Danilova, Anastasia; Smith, Matthew

doi:10.1109/eurosp.2019.00037

Cited by 23 publications

(25 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Software based mass encryption technology can be used in the pharmaceutical industry to fight against counterfeit drugs. The same software is required to decrypt the digital code [7]. This technology requires a large database server to store the data.…”

Section: Mass Encryption Technologymentioning

confidence: 99%

PharmaCrypt: Blockchain for Critical Pharmaceutical Industry to Counterfeit Drugs

et al. 2020

View full text Add to dashboard Cite

This research analyses the impact of counterfeit drugs on the healthcare supply chain industry and evaluates the solutions currently in place to reduce the number of fake counterfeits coming to the market. The discussions are undertaken to determine what conceptions industry professionals have about applying Blockchain in the pharmaceutical industry, especially in the supply chain. The obtained feedback information is used to build requirements for a Blockchain driven tool called "PharmaCrypt". This tool will be used to track and trace drugs as they move through the supply chain, uploading the data collected to a distributed Blockchain ledger validating the authenticity of the drug. Through a setup, we have built a tool prototype that uses the Amazon Web Services Blockchain platform to show the feasibility of implementing such technology within the industry.

show abstract

Section: Mass Encryption Technologymentioning

confidence: 99%

PharmaCrypt: Blockchain for Critical Pharmaceutical Industry to Counterfeit Drugs

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Such misuse is likely explained by the fact that users have incorrect mental models about how security works [1,2,21,42]. This lack of understanding can also lead users to distrust tools making claims about security [8,12].…”

Section: Incorrect Mental Modelsmentioning

confidence: 99%

“…Educating app designers rather than users. Dechand et al [8] make the strong statement that educating users about encryption is not going to change their behavior. Based on our results, we agree.…”

Section: Improving Group Chat Toolsmentioning

confidence: 99%

Understanding User Perceptions of Security and Privacy for Group Chat: A Survey of Users in the US and UK

Oesch

Abu-Salma

Diallo

et al. 2020

Annual Computer Security Applications Conference

View full text Add to dashboard Cite

“…The interface design showed various issues, including the use of inconsistent terminology and not making all security features clear to the user. A later study showed that users lacked both trust in and awareness of encryption in secure messaging tools, even though the tool explitely informed them that encrpytion was used [9]. Communication with end users in the context of connection security seems to be similarly challenging as shown in a qualitative study on end user and administrator mental models of HTTPS.…”

Section: Consequences Of Invisible and Ineffectively Communicated Encmentioning

confidence: 99%

Making Encryption Feel Secure: Investigating how Descriptions of Encryption Impact Perceived Security

Distler

Lallemand

Koenig

2020

2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

When communication about security to end users is ineffective, people frequently misinterpret the protection offered by a system. The discrepancy between the security users perceive a system to have and the actual system state can lead to potentially risky behaviors. It is thus crucial to understand how security perceptions are shaped by interface elements such as text-based descriptions of encryption. This article addresses the question of how encryption should be described to non-experts in a way that enhances perceived security. We tested the following within-subject variables in an online experiment (N=309): a) how to best word encryption, b) whether encryption should be described with a focus on the process or outcome, or both c) whether the objective of encryption should be mentioned d) when mentioning the objective of encryption, how to best describe it e) whether a hash should be displayed to the user. We also investigated the role of context (between subjects). The verbs "encrypt" and "secure" performed comparatively well at enhancing perceived security. Overall, participants stated that they felt more secure not knowing about the objective of encryption. When it is necessary to state the objective, positive wording of the objective of encryption worked best. We discuss implications and why using these results to design for perceived lack of security might be of interest as well. This leads us to discuss ethical concerns, and we give guidelines for the design of user interfaces where encryption should be communicated to end users.

show abstract

In Encryption We Don’t Trust: The Effect of End-to-End Encryption to the Masses on User Perception

Cited by 23 publications

References 23 publications

PharmaCrypt: Blockchain for Critical Pharmaceutical Industry to Counterfeit Drugs

PharmaCrypt: Blockchain for Critical Pharmaceutical Industry to Counterfeit Drugs

Understanding User Perceptions of Security and Privacy for Group Chat: A Survey of Users in the US and UK

Making Encryption Feel Secure: Investigating how Descriptions of Encryption Impact Perceived Security

Contact Info

Product

Resources

About