Publication


Featured research published by Timothy W. van der Horst.


symposium on usable privacy and security | 2013

Confused Johnny: when automatic encryption leads to confusion and mistakes

Scott Ruoti; Nathan Kim; Ben Burgon; Timothy W. van der Horst; Kent E. Seamons

A common approach to designing usable security is to hide as many security details as possible from the user to reduce the amount of information and actions a user must encounter. This paper gives an overview of Pwm (Private Webmail), our secure webmail system that uses security overlays to integrate tightly with existing webmail services like Gmail. Pwm's security is mostly transparent, including automatic key management and automatic encryption. We describe a series of Pwm user studies indicating that while nearly all users can use the system without any prior training, the security details are so transparent that a small percentage of users mistakenly sent out unencrypted messages and some users are unsure whether they should trust Pwm. We then conducted user studies with an alternative prototype to Pwm that uses manual encryption. Surprisingly, users were accepting of the extra steps of cutting and pasting ciphertext themselves. They avoided mistakes and had more trust in the system with manual encryption. Our results suggest that designers may want to reconsider manual encryption as a way to reduce transparency and foster greater trust.


international world wide web conferences | 2007

Simple authentication for the web

Timothy W. van der Horst; Kent E. Seamons

Automated email-based password reestablishment (EBPR) is an efficient, cost-effective means to deal with forgotten passwords. In this technique, email providers authenticate users on behalf of web sites. This method works because web sites trust email providers to deliver messages to their intended recipients. Simple Authentication for the Web (SAW) improves upon this basic approach to user authentication to create an alternative to password-based logins. SAW: 1) Removes the setup and management costs of passwords at EBPR-enabled sites; 2) Provides single sign-on without a specialized identity provider; 3) Thwarts passive attacks and raises the bar for active attacks; 4) Enables easy, secure sharing and collaboration without passwords; 5) Provides intuitive delegation and revocation of authority; and 6) Facilitates client-side auditing.


international workshop on security | 2007

Simple Authentication for the Web

Timothy W. van der Horst; Kent E. Seamons

Automated email-based password reestablishment (EBPR) is an efficient, cost-effective means to deal with forgotten passwords. In this technique, email providers authenticate users on behalf of web sites. This method works because web sites trust email providers to deliver messages to their intended recipients. Simple Authentication for the Web (SAW) improves upon this basic approach to user authentication to create an alternative to password-based logins. SAW: 1) Removes the setup and management costs of passwords at EBPR-enabled sites; 2) Provides single sign-on without a specialized identity provider; 3) Thwarts passive attacks and raises the bar for active attacks; 4) Enables easy, secure sharing and collaboration without passwords; 5) Provides intuitive delegation and revocation of authority; and 6) Facilitates client-side auditing.


privacy security risk and trust | 2012

Private Facebook Chat

Chris Robison; Scott Ruoti; Timothy W. van der Horst; Kent E. Seamons

The number of instant messages sent per year now exceeds that of email. Recently users have been moving away from traditional instant messaging applications and instead using social networks as their primary communications platform. To discover attitudes related to instant messaging and its security, we have conducted a user survey. This paper also presents the design of PFC (Private Facebook Chat), a system providing convenient, secure instant messaging within Facebook Chat. PFC offers end-to-end encryption in order to thwart any eavesdropper, including Facebook itself. Finally, we have conducted a usability study of a PFC prototype.


wireless network security | 2008

Wireless authentication using remote passwords

Andrew M Harding; Timothy W. van der Horst; Kent E. Seamons

Current wireless authentication mechanisms typically rely on inflexible shared secrets or a heavyweight public-key infrastructure with user-specific digital certificates and, as such, lack general support for environments with dynamic user bases where guest access is frequent. Simple Authentication for the Web (SAW) facilitates dynamic user bases in the context of web site logins by enabling users to authenticate to personal messaging identifiers (e.g., email addresses, IM handles, cell phone numbers). SAW, however, is ill-suited for wireless authentication because, in most cases, it is dependent on client-side Internet connectivity. Wireless Authentication using Remote Passwords (WARP) overcomes this constraint by building a hybrid protocol that combines the principles of SAW authentication with the Secure Remote Password (SRP) protocol.


Archive | 2005

Mobile Trust Negotiation

Timothy W. van der Horst; Tore Sundelin; Kent E. Seamons; Charles D. Knutson

We examine several architectures for extending the nascent technology of automated trust negotiation to bring nonidentity-based authentication and authorization to mobile devices. We examine how the location of trust agents and secure repositories affects such a system. We also present an implementation of one of these models. This protocol leverages software proxies, autonomous trust agents, and secure repositories to allow portable devices from different security domains (i.e., with no pre-existing relationship) to establish trust and perform secure transactions. This proposed system is called surrogate trust negotiation as the sensitive and resource-intense tasks of authentication are performed vicariously for the mobile device by a surrogate trust agent.


Archive | 2009

Encrypted email based upon trusted overlays

Timothy W. van der Horst; Kent E. Seamons


Archive | 2007

Multi-channel user authentication apparatus system and method

Timothy W. van der Horst; Kent E. Seamons


communications and multimedia security | 2004

Mobile Trust Negotiation - Authentication and Authorization in Dynamic Mobile Networks.

Timothy W. van der Horst; Tore Sundelin; Kent E. Seamons; Charles D. Knutson


workshop on privacy in the electronic society | 2008

CPG: closed pseudonymous groups

Reed S. Abbott; Timothy W. van der Horst; Kent E. Seamons

Collaboration

Top Co-Authors

Scott Ruoti
Brigham Young University

Tore Sundelin
Brigham Young University

Ben Burgon
Brigham Young University

Chris Robison
Brigham Young University

Nathan Kim
Brigham Young University

Reed S. Abbott
Brigham Young University