Project Presentation

2024 IT Security

Prof. Dr. Lars Fischer

Secure Communication is Hard

Rate of encrypted email is constant
"27 Years and 81 Million Opportunities Later" [stransky22]
Why Johnny Can't Encrypt (1999)
Why Johnny Still, Still Can't Encrypt (2022)
"it is unclear if PGP will ever be usable" [ruoti15]
"With Matrix, that works!"
[Signal, WhatsApp, OTR, …]

IMPACT

Building an Authentication Infrastructure
Internet Message Protection using Automated Certificate management and Transformation
[Image: Matrix (Protocol) logo]
Usability, cryptographic keys, certificates
X.509, OpenPGP, SSH, DNSSEC
Off-The-Record Messaging, OMEMO, Threema, Signal, Telegram, Matrix, XMPP, Briar
NitroKey 3C NFC

Reactions

"Didn't we already do this last semester?"
-- Shallow-Fake Student, 5th semester, INF
"What an interesting project! We would love to see ACME used more widely."
-- someone@IETF

References

ruoti15
Ruoti, S., Andersen, J., Zappala, D., Seamons, K. (2015, Oct). Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client. arXiv.
ruoti16
Ruoti, S., Andersen, J., Heidbrink, S., O'Neill, M., Vaziripour, E., Wu, J., … & Seamons, K. (2016, May). "We're on the Same Page": A Usability Study of Secure Email Using Pairs of Novice Users. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (pp. 4298-4308).
stransky22
C. Stransky, O. Wiese, V. Roth, Y. Acar and S. Fahl, "27 Years and 81 Million Opportunities Later: Investigating the Use of Email Encryption for an Entire University," 2022 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2022, pp. 860-875, doi: 10.1109/SP46214.2022.9833755.
whitten99
Whitten, A., Tygar, J.D. (1999, Aug). Why Johnny can't encrypt: a usability evaluation of PGP 5.0. SSYM'99: Proceedings of the 8th conference on USENIX Security Symposium. Volume 8. Pages 14.
XMPP Logo (F3)
XMPP Standards Foundation, MIT, via Wikimedia Commons, last accessed 2024-01-31

Image Credits

by IETF WG ACME, last accessed 2024-01-30
(F2)
stransky22 Fig.2 Rise of email, S/MIME and PGP over time at our university.
Let's Encrypt Logo (F3)
Center for Computer Security and Society, With over 7 million certificates issued, Let’s Encrypt aims to secure the entire web, 2016-08-03 (last accessed 2024-01-30)
NitroKey 3C NFC (F3)
NitroKey Shop, last accessed 2024-01-30
Briar Logo by Sublime Software Ltd., CC BY 4.0 https://creativecommons.org/licenses/by/4.0, via Wikimedia Commons
Matrix Logo (F3)
™/®Matrix.org, Public domain, via Wikimedia Commons, last accessed 2023-01-31