The Quest to Secure Email: A Usability Analysis of Key Management Alternatives

• Main Author: Andersen, Jeffrey Thomas
• Format: Others
• Published: BYU ScholarsArchive 2016
• Subjects: secure email; key management; usability testing; Computer Sciences
• Online Access: https://scholarsarchive.byu.edu/etd/6461; https://scholarsarchive.byu.edu/cgi/viewcontent.cgi?article=7461&context=etd

The current state of email security is lacking, and the need for end-to-end encryption of email is clear. Recent research has begun to make progress towards usable, secure email for the masses (i.e., novice users without IT support). In this paper, we evaluate the usability implications of three different key management approaches: PGP, IBE, and passwords. Our work is the first formal A/B evaluation of the usability of different key management schemes, and the largest formal evaluation of secure email ever performed. Our results reveal interesting inherent usability trade-offs for each approach to secure email. Furthermore, our research results in the first fully-implemented PGP-based secure email system that has been shown to be usable for novice users. We share qualitative feedback from participants that provides valuable insights into user attitudes regarding each key management approach and secure email generally. Finally, our work provides an important validation of methodology and design principles described in prior work.