course: Why people don't use crypto - and why those who try make mistakes?
- teaching methods:
- lecture with tutorials
- overhead transparencies, Moodle
- responsible person:
- Prof. Dr. Martina Angela Sasse
- Prof. Dr. Martina Angela Sasse (ETIT), M. Sc. Konstantin Fischer (ETIT)
- offered in:
- summer term
dates in winter term
- start: Thursday the 09.04.2020
- lecture Thursdays: from 13:15 to 14:45 o'clock in ID 03/411
- tutorial Fridays: from 13:15 to 14:45 o'clock in ID 03/411
- Form of exam: written
- Registration for exam: FlexNow
- Rooms: ID 04/471, ID 04/459
- Individual appointments of students to each exam location will be issued by the responsible chair.
- The aim of the lecture is to examine the reasons why
- cryptographic solutions – which experts agree offer good protection against most of the common attacks today – are not adopted by most individuals and organisations, and
- end-users, developers and system administrators who do use cryptographic solutions in some form frequently make mistakes that undermine the security protection.
Whitten & Tygar's seminal 1999 USENIX paper "Why Johnny Can't Encrypt" established that people cannot use PGP encryption correctly, even with a graphical user interface and instruction.
Over the past 20 years, there has been a string of Johnny papers on studies trying to encourage adoption or correct usage. The aim of this CASA lecture is to systematically examine the results of these studies and identify effective ways of promoting adoption and enabling correct use of cryptography.
- Usability, utility and technology adoption
- Security threat models and people’s mental models
- Complexity or simplicity – who needs to know what?
- Designing frictionless user journeys
- Methods for testing and tweaking
Lecture "Introduction to Usable Security and Privacy"