Brigham Young University BYU ScholarsArchive Theses and Dissertations 2016-07-01 Usable, Secure Content-Based Encryption on the Web Scott Ruoti Brigham Young University Follow this and additional works at: https://scholarsarchive.byu.edu/etd Part of the Computer Sciences Commons BYU ScholarsArchive Citation Ruoti, Scott, "Usable, Secure Content-Based Encryption on the Web" (2016). Theses and Dissertations. 6083. https://scholarsarchive.byu.edu/etd/6083 This Dissertation is brought to you for free and open access by BYU ScholarsArchive. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of BYU ScholarsArchive. For more information, please contact [email protected], [email protected]. Usable, Secure Content-Based Encryption on the Web Scott Isaac Ruoti A dissertation submitted to the faculty of Brigham Young University in partial fulfillment of the requirements for the degree of Doctor of Philosophy Kent Seamons, Chair Daniel Zappala Mike Goodrich David Wingate Bryan Morse Department of Computer Science Brigham Young University July 2016 Copyright © 2016 Scott Isaac Ruoti All Rights Reserved ABSTRACT Usable, Secure Content-Based Encryption on the Web Scott Isaac Ruoti Department of Computer Science, BYU Doctor of Philosophy Users share private information on the web through a variety of applications, such as email, instant messaging, social media, and document sharing. Unfortunately, recent revelations have shown that not only is users' data at risk from hackers and malicious insiders, but also from government surveillance. This state of affairs motivates the need for users to be able to encrypt their online data. In this dissertation, we explore how to help users encrypt their online data, with a special focus on securing email. First, we explore the design principles that are necessary to create usable, secure email. As part of this exploration, we conduct eight usability studies of eleven different secure email tools including a total of 347 participants. Second, we develop a novel, paired-participant methodology that allows us to test whether a given secure email system can be adopted in a grassroots fashion. Third, we apply our discovered design principles to PGP-based secure email, and demonstrate that these principles are sufficient to create the first PGP-based system that is usable by novices. We have also begun applying the lessons learned from our secure email research more generally to content-based encryption on the web. As part of this effort, we develop MessageGuard, a platform for accelerating research into usable, content-based encryption. Using MessageGuard, we build and evaluate Private Facebook Chat (PFC), a secure instant messaging system that integrates with Facebook Chat. Results from our usability analysis of PFC provided initial evidence that our design principles are also important components to usable, content-based encryption on the Web. Keywords: Security, HCI, Usable security, Content-based encryption, Secure email, Webmail, End-to-end encryption, user study ACKNOWLEDGMENTS Thanks first and foremost goes to my advisor Kent Seamons. His mentorship has been crucial in helping me develop the skills necessary to be a successful research scientist. I also want to thank Daniel Zappala for helping me significantly refine my writing and presentation skills. Additionally I am grateful for the mentoring provided by various researchers during my graduate education: Mike Goodrich, Charles Knutson, Jay McCarthy, Rich Shay, and Shabsi Walfish. Thanks also goes to the students who have helped me conduct studies, gather data, and analyze results for this dissertation: Jeff Andersen, Ben Burgeon, Scott Heidbrink, Travis Hendershot, Nathan Kim, Tyler Monson, Mark ONeill, Chris Robison, Elham Vaziripour, and Justin Wu. Finally, a special thanks goes to my wife, Emily Ruoti. She has always been a willing participant in my pilot studies and has provided copious amount of feedback on the systems I have built as well as the papers I have written. More importantly, she has helped raise our daughter Esther, picking up the slack when my dissertation required nearly all of my free time. Thank you Emily. Table of Contents List of Figures vi List of Tables vii 1 Introduction 1 1.1 Email Security . .3 1.2 Unusable, Secure Email . .4 1.3 User Studies . .8 1.3.1 System Usability Scale . .9 1.3.2 Mistakes . 10 1.4 Dissertation Overview . 11 2 Confused Johnny: Why Automatic Encryption Leads to Confusion and Mistakes 15 3 Private Webmail 2.0: Simple and Easy-to-Use Secure Email 36 4 A Usability Study of Four Secure Email Tools Using Paired Participants 49 5 MessageGuard: A Browser-based Platform for Usable End-to-End Encryption Research 75 6 Private Facebook Chat 95 7 A Comparative Usability Study of Key Management in Secure Email 106 iv 8 Conclusion 124 8.1 Design Principles of Usable, Secure Email . 129 8.1.1 Tight Integration . 129 8.1.2 Hidden Security Details . 129 8.1.3 Tutorials . 131 8.1.4 Distinct Interface Design . 132 8.2 Novel, Paired-Participant Evaluation Methodology . 133 8.3 Platform for Usable, Content-based Encryption Research . 135 8.3.1 MessageGuard as a platform . 135 8.3.2 Case Studies . 137 8.4 Trade-offs of PGP, IBE, and Password-based Key Management . 137 8.5 Future Work . 138 8.5.1 User Understanding of Secure Email . 138 8.5.2 Anti-Phishing Interfaces . 139 8.5.3 New Encryption Protocols . 140 8.5.4 Key Management . 140 8.5.5 Usability Studies . 141 8.5.6 New Applications for Content-based Encryption . 141 References 143 v List of Figures 1.1 Basic Email Security . .5 1.2 Email Security with TLS . .6 1.3 Email Security with End-to-End Encryption . .7 1.4 Adjective-based Ratings to Help Interpret SUS Scores . 10 8.1 SUS Scores for Secure Email Systems . 128 vi List of Tables 1.1 The Ten SUS Questions . .9 1.2 SUS Score Card . .9 8.1 User Studies in this Dissertation . 127 8.2 SUS Scores for Secure Email Systems . 127 vii Chapter 1 Introduction Users share private information on the web through a variety of applications, such as email, instant messaging, social media, and document sharing. TLS protects this information during transmission, but does not protect users' data while at rest. Additionally, middleboxes can weaken TLS connections by failing to properly implement TLS or adequately validate certificate chains [19]. Even if a website correctly employs TLS and encrypts user data while at rest, the user's data is still vulnerable to honest-but-curious data mining [24], third-party library misbehavior [34], website hacking, protocol attacks [10, 12, 18], and government subpoena. This state of affairs motivates the need for content-based encryption of user data. In content-based encryption, users' sensitive data is encrypted at their own device and only decrypted once it reaches the intended recipient, remaining opaque to the websites that store or transmit this encrypted data.1 The best known examples of content-based encryption are secure email (e.g., PGP, S/MIME) and secure instant messaging (e.g., OTR). In addition to protecting communication, content-based encryption can protect any data users store or distribute online; for example, files stored in the cloud (e.g., DropBox, Google Drive) or private postings to web-based message boards. In this dissertation, most of our research focuses on a specific application of content- based encryption|secure email. We chose this focus for several reasons: 1In contrast, connection-level encryption (i.e., TLS) only protects data during transmission, and not while it is stored or handled by websites. 1 1. Email is the dominant form of communication on the Internet. There are 4.3 billion email accounts, owned by 2.5 billion users. Collectively, these users send over 205 billion email messages per day.2 This dwarfs other platforms, including instant messaging clients such as WhatsApp (42 billion messages per day).3 2. Sensitive information is sent over email. While not necessarily an every-day occurrence, from time to time individuals need to use email to send highly sensitive information. For example, some businesses will ask that a job applicant send their social security number to the business in order to process a reimbursement.4 Furthermore, unlike many other communication mediums, email is usually archived by the email server, increasing the vulnerability of sensitive information sent over email.5 3. Advances in secure email are likely to be applicable to other content-based encryption systems. While there are some features that are unique to secure email, many of the principles for designing securing email in a usable manner also apply to other content-based encryption systems. For example, in this dissertation we used principles learned from our secure email work to create a secure Facebook Chat system that was well received by users. 4. Email is unlikely to disappear in the near future. While new communication platforms continue to replace other applications, email has seen steady growth. This indicates that advances in secure email will have far-reaching and long-lasting benefits. 5. Secure email obviates the need for secure storage depots. Because email transmission is not secure, many organizations resort to the use of separate secure messaging websites for sensitive communication. When a user receives a message on these systems, they also receive an email that tells them to log into the secure messaging 2http://www:radicati:com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015- 2019-Executive-Summary:pdf 3http://www:iphoneincanada:ca/news/whatsapp-1-billion/ 4 I have personally experienced this as I was interviewing for jobs; multiple institutions requested that I send them my social security number to process my reimbursements. 5This also demonstrates why connection-level security (i.e., TLS) is insufficient, as it does nothing to protect data while at rest.