TU Darmstadt / ULB / TUbiblio

Usable Secure Email Communications - Criteria and evaluation of existing approaches

Moecke, Cristian Thiago ; Volkamer, Melanie (2012)
Usable Secure Email Communications - Criteria and evaluation of existing approaches.
In: Information and Computer Security
doi: 10.1108/09685221311314419
Article, Bibliography

Abstract

Purpose – Email communication has been used for many years, and has begun to replace traditional, physical correspondence more and more. Compared to a traditional postal service, email services are easier, faster, and free of charge. Standard email, however, is, from a security point of view, more comparable to post cards than letters. Some security techniques and services exist, but few people use them due to lack of awareness, low usability, and a lack of understanding of Public Key Infrastructures (PKIs). A comprehensive comparison is missing, which makes it difficult for users to decide which email service to use. The purpose of this paper is to identify evaluation criteria covering security, usability, and interoperability aspects of email, and to apply them to existing email services.

Design/methodology/approach – The authors first define criteria based on literature review, threat analysis and expert consultation. These criteria are then applied, when applicable, to existing approaches including DKIM, SPF, PGP, S/MIME and Opportunistic Encryption, and to common secure email providers including Gmail, Hushmail, and De-Mail.

Findings – None of the existing analysed services meets all the derived criteria. Based on the result of the application of these criteria and the corresponding comparison, the authors propose future directions for usable secure email communication.

Originality/value – The criteria proposed are original and allow an evaluation and a comparison of different email systems that not only considers security aspects, but also the relation and trade-offs between security, usability and interoperability. Moreover, the trust assumptions involved are also considered.

Item type: Article
Published: 2012
Author(s): Moecke, Cristian Thiago ; Volkamer, Melanie
Entry type: Bibliography
Title: Usable Secure Email Communications - Criteria and evaluation of existing approaches
Language: English
Year of publication: June 2012
Title of journal, newspaper or series: Information and Computer Security
Book title: Sixth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2012)
DOI: 10.1108/09685221311314419

Uncontrolled keywords: Security, Usability and Society; Secure Data
ID number: TUD-CS-2012-0057
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
20 Department of Computer Science > SECUSO - Security, Usability and Society
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE Centres
LOEWE > LOEWE Centres > CASED – Center for Advanced Security Research Darmstadt
Date deposited: 28 Jul 2016 18:35
Last modified: 03 Jun 2018 21:31