course: Why people don't use crypto - and why those who try make mistakes?

number:
141341
teaching methods:
lecture with tutorials
media:
overhead transparencies, Moodle
responsible person:
Prof. Dr. Martina Angela Sasse
Lecturers:
Prof. Dr. Martina Angela Sasse (ETIT), M. Sc. Konstantin Fischer (ETIT)
language:
English
HWS:
4
CP:
5
offered in:
summer term

dates in winter term

  • start: Thursday the 09.04.2020
  • lecture Thursdays: from 13:15 to 14:45 o'clock in ID 03/411
  • tutorial Fridays: from 13:15 to 14:45 o'clock in ID 03/411

Exam

Form of exam: written
Registration for exam: FlexNow
Date: 07.08.2020
Begin: 09:30
Duration: 120 min
Rooms: ID 04/471, ID 04/459
Individual appointments of students to each exam location will be issued by the responsible chair.

goals

The aim of the lecture is to examine the reasons why
  1. cryptographic solutions – which experts agree offer good protection against most of the common attacks today – are not adopted by most individuals and organisations, and
  2. end-users, developers and system administrators who do use cryptographic solutions in some form frequently make mistakes that undermine the security protection.

content

Since Whitten & Tygar’s seminal 1999 USENIX paper Why Johnny Can’t Encrypt established that people cannot use PGP encryption correctly, even with a graphical user interface and instruction, there has been a string of Johnny papers over the past 20 years on studies trying to encourage adoption or correct usage. The aim of this CASA lecture is to systematically examine the results of these studies and identify effective ways of promoting adoption and enabling correct use of cryptography.

  • Usability, utility and technology adoption
  • Security threat models and people’s mental models
  • Complexity or simplicity – who needs to know what?
  • Designing frictionless user journeys
  • Methods for testing and tweaking

requirements

X

recommended knowledge

Lecture "Introduction to Usable Security and Privacy"