ISRI Seminar Series / EPP MacArthur Peace and Security Series The Engineering & Public Policy Department and the PhD Program in Computation, Organizations & Society present: Simson Garfinkel, MIT Thursday, 24 February 2005, 3 pm, NSH 1507 TITLE: "Johnny 2: A user test of key continuity management with S/MIME and outlook express" ABSTRACT: After more than 20 years of research, cryptographically-protected email is still a rarity on the Internet today. Usability failings are commonly blamed for the current state of affairs: programs like PGP and GPG must be specially obtained, installed, and are generally considered hard to ue. And, while support for the S/MIME mail encryption standard is widely available, procedures for obtaining S/MIME certificates are onerous because of the necessity of verifying one's identify to a Certification Authority. Key Continuity Management (KCM) has been proposed as a way around this conundrum. Under this model, individuals would create their own, uncertified S/MIME certificates, use these certificates to sign their outgoing mail, and attach those certificates to outgoing messages. Correspondents who wish to send mail that is sealed with encryption are able to do so because they poses the sender's certificate. Mail clients (e.g. Outlook Express, Eudora) alert users when a correspondent's certificate changed. We conducted a user test of KCM with 44 email users who had no previous experience or knowledge of cryptography and email security. Using a scenario similar to that of Whitten and Tygar's Why Johnny Can't Encrypt study, we show that while naive subjects generally understand the gist of digitally signed mail and that a changed key represents a potential attack, they are less equipped to handle the circumstance when a new email address is presented simultaneously with a new digital certificate. We conclude that KCM is a workable model that can be used today to improve email security for naive users, but that work is needed to develop effective interfaces to alert those users to a particular subset of attacks. Bio: Simson L. Garfinkel is a researcher in the field of computer security and award-winning commentator on information technology. Currently a doctorial candidate at MIT's Computer Science and Artificial Intelligence Laboratory, Garfinkel's research interests include computer security, the usability of secure systems, and information policy. He writes monthly columns for Technology Review's Magazine and website and for CSO Magazine, for which he was awarded the 2004 Jesse H. Neal National Business Journalism Award for Best Regularly Featured Department or Column. Prior to joining CSAIL, Garfinkel founded Sandstorm Enterprises, a computer security firm that develops offensive information warfare tools used by businesses and governments to audit their systems. Garfinkel is the author or co-author of twelve books on computing, published by O'Reilly and Associates, MIT Press, Springer-Verlag, and IDG Books. He is perhaps best known for his book Database Nation: The Death of Privacy in the 21st Century. Garfinkel's most successful book, Practical UNIX and Internet Security, has sold more than 125,000 copies since the first edition was published in 1991.