
Usable Encryption

<TEMPORARY NOTE -THIS PAGE WAS PREVIOUSLY SECURE COMMUNICATION>

The need for users to be able to encrypt their online communication and data has never been clearer. This need is driven in part by widespread surveillance of Internet traffic by governments. Furthermore, an ever-increasing amount of data is stored in the cloud and actively mined by cloud service providers. We believe it is imperative that users be able to take control of their online data, deciding when and by whom it can be accessed.

Although there has been significant research and development into secure messaging (Unger et al., 2015), the limited adoption of these systems (e.g., PGP) is disappointing. When compared to email, a ubiquitous technology, one reason for this failure becomes clear. In email, users are able to send messages to anyone with an email address, regardless of the application or email provider the recipient uses. In contrast, most secure messaging proposals are not ubiquitous (i.e., not compatible with all relevant applications, platforms, and web services). This makes it difficult to communicate with others and limits adoption.

Our research focuses on designing ubiquitous, usable, secure systems that tightly integrate with the web applications the public is already using. Initially we focused on maximizing usability and found that a combination of key escrow, intuitive tutorials, and instructive encrypted payloads helped novice users begin using secure email. Building on this, we have begun expanding our work to cover all web services, not just email, and different key management schemes. In the coming months we will open source our system, and we hope that other researchers will be able to leverage it in their own work.

Publications

S. Ruoti, T. Monson, J. Wu, D. Zappala, K. Seamons. Weighing Context and Trade-offs: How Suburban Adults Selected Their Online Security Posture, 13th Annual Symposium on Usable Privacy and Security (SOUPS 2017), Santa Clara, California, July 2017. [Presentation]

S. Ruoti, J. Andersen, T. Monson, D. Zappala, K. Seamons. Private Webmail 2.0: Simple and Easy-to-Use Secure Email, 29th ACM Symposium on User Interface Software and Technology (UIST 2016). ACM, 2016.

A. Afanasyev, J. Halderman, K. Seamons, D. Zappala, L. Zhang, Y. Yu, S. Ruoti. Content-based Security for the Web, Proceedings of the 2016 Workshop on New Security Paradigms. ACM, 2016.

S. Ruoti, J. Andersen, S. Heidbrink, M. O’Neill, E. Vaziripour, J. Wu, D. Zappala, K. Seamons. “We’re on the Same Page”: A Usability Study of Secure Email Using Pairs of Novice Users, Proceedings of the 34th Annual ACM Conference on Human Factors in Computing Systems (CHI 2016). ACM, 2016. [Presentation]

S. Ruoti, N. Kim, B. Burgon, T.W. van der Horst, and K. Seamons. Confused Johnny: When Automatic Encryption Leads to Confusion and Mistakes, 9th Annual Symposium on Usable Privacy and Security (SOUPS 2013), Newcastle, United Kingdom, July 2013. [Presentation]

C. Robison, S. Ruoti, T. W. van der Horst, and K. E. Seamons. Private Facebook Chat, 2012 International Conference on Privacy, Security, Risk, and Trust (PASSAT 2012) and 2012 International Conference on Social Computing (SocialCom 2012), Amsterdam, Netherlands, September 2012. [Presentation]

Posters

S. Ruoti, J. Andersen, T. Monson, D. Zappala, K. Seamons. A Comparison of PGP, IBE, and Password-based Secure Email, Poster Session at the Symposium on Usable Privacy and Security (SOUPS 2016). Denver, CO, 2016. [Poster]

S. Ruoti, J. Andersen, S. Heidbrink, M. O’Neill, E. Vaziripour, J. Wu, D. Zappala, K. Seamons. “We’re on the Same Page”: A Usability Study of Secure Email Using Pairs of Novice Users, Poster Session at the Symposium on Usable Privacy and Security (SOUPS 2016). Denver, CO, 2016. [Poster]

Theses

Song Yuanzheng. Browser-Based Manual Encryption. August 2014.
Ben Burgon. Pwm: A Secure Webmail System Designed for Easy Adoption. March 2014.
Nathan Kim. Message Protector: Demonstrating that Manual Encryption Improves Usability. May 2013.
Chris Robison. Secure Browser-Based Instant Messaging. December 2012.
Ryan Segeberg. EASEmail: Easy Accessible Secure Email. August 2009.

Data Sets

“We’re on the Same Page”: A Usability Study of Secure Email Using Pairs of Novice Users