Why Johnny Can't Encrypt: A Study of the Usability of Pretty Good Privacy
Added on 2019-09-20
This article explores the usability of Pretty Good Privacy (PGP) software for email encryption and digital signatures. It discusses the difficulties encountered by users due to a flawed understanding of public-key encryption and digital signatures. The article also suggests recommendations for improving the provision of assurance of purpose of PGP public keys. The study found that security software is different from consumer software and user design principles for consumer software cannot be blindly applied to the security software. The authors recommend making the automatic calculations as to the validity and trust of the public key associations explicit to the user, so that they are saved the confusion of trying to guess the meaning of trust and validity in the context of PGP.
IY5502 Introduction to Cryptography and Security Mechanisms

Assignment 3

Questions based on the article Why Johnny Can't Encrypt by Whitten and Tygar

Q1. What use of the security software PGP is discussed in this article, and what (cryptographic) security services does it provide?

A: Pretty Good Privacy (PGP) is software for computers that allows users to send and receive email securely, such that the contents cannot be read or modified in transit, and only the intended recipient can read the message. All this is based on cryptography.

In other words, the (cryptographic) services provided by PGP include confidentiality, by not allowing unauthorised persons to read the email message. The message is encrypted using a public-key or symmetric cryptographic algorithm and this key is encrypted using the private-key and included in the message being sent.

It also provides authentication by allowing the sender of the email to be verified. This is based on the use of cryptographic hashing algorithms (e.g. SHA-1), which create a fixed-length unique representation (called a message digest, hash value or hash) of any input data of arbitrary length. This message digest is encrypted with the private key of the sender (in asymmetric cryptography), and thus will only be decrypted by the public key of the same sender.

Additionally, both encryption and authentication can be used together.

Q2. In your own words, provide a one paragraph summary of the main findings of this article.

A: The hypothesis of the paper is that security software is different from consumer software and user design principles for consumer software cannot be blindly applied to the security software. Security mechanisms are only effective when used correctly, and humans are often the weakest link in any security technique. Also, users of all skill-sets will eventually prefer convenience, so the software has to be learnable and convenient, without sacrificing the integrity it is supposed to provide. The software tested is Pretty Good Privacy (PGP) 5.0, which has been developed with a focus on user experience. It is used for ensuring that email messages cannot be read by unauthorised people and that the sender can be verified. The study found lots of deficiencies, not due to lack of motivation, but due to a flawed understanding of the requirements for security software. Cognitive walkthrough analysis, heuristic evaluation, and laboratory tests on twelve individuals representing the cross-section of average email users confirm the researchers' original hypothesis.

Q3. The article suggests that users encountered difficulties because they did not understand the basic concepts behind public-key encryption and digital signatures. Provide a short explanation of these two concepts that is suitable for educating users who are trying to use PGP software.

A: Some of the difficulties encountered in the use of Pretty Good Privacy (PGP) arose from the users being unaware of how the underlying concepts of public-key encryption and digital signatures work. Both of these are based on cryptography and mathematics, while digital signatures also use central or distributed entities for trust.

Encryption: It is used to implement confidentiality. Public-key (also called asymmetric) encryption is based on mathematics. For every entity (individual or organisation), there is a pair of keys - one of them is public, and thus freely available and distributed to all, and the other is private, kept secure by the entity. These keys are bound by mathematical properties such that encryption (making data unintelligible, but recoverable with the applicable key) by one of them can only be reversed (decryption) by the other, associated key. This does away with the requirement of sharing any common key between the sender and receiver.
In PGP, this translates into the software managing the owner's public and private keys and others' public keys, encrypting outgoing emails for particular senders, and decrypting incoming email. To use this, the message is encrypted with the public key of the receiver, who alone owns the corresponding private key and thus is the only person who will be able to recover the message.
Digital signature: It is used to ensure authentication, which means verifying the sender of a message. This too is based on public-key (also called asymmetric) encryption. In this scenario, the sender uses his private key (which only he is supposed to know) to encrypt a message. Now, the associated public key can be used to decrypt the message. The laws of cryptography guarantee that any encryption done by either key of the pair can only be reversed by the other, associated key. Thus, successful decryption by the public key of an entity confirms that the private key of that entity was used, i.e. that entity is the sender of the document. This is usually used with hashing algorithms, which are one-way functions that create a fixed-length unique representation (called a message digest, hash value or hash) for any arbitrary input. This message digest is then encrypted with the private key to help implement authenticity. However, someone has to vouch for the association of a public key with an entity, and this introduces a responsibility of trust, which can be maintained by central authorities or peers.

Q4. Providing assurance of purpose of keys is an important aspect of key management:

a) How does PGP provide assurance of purpose of public keys?

A: Pretty Good Privacy (PGP) is the brainchild of a single person, Phil Zimmermann, who is against governments and establishments. This shows in his design for the issue of trust in PGP. He developed a decentralised method for assuring trust in the public and private key pairs, as explained next.

A vetting scheme called "web of trust" is used to manage the public-private key association. Creating a pair of a public and private key is a trivial operation. The difficult part is the verification that a particular public key belongs to the individual being claimed (trust), and secondly, that the owner of the key is actually the same individual as being claimed (validity).
To manage this in a decentralised way, any individual can publish a public key claiming to be his. This is maintained in an identity certificate. Next, some other people will vouch for this claim by digitally signing this person's identity certificate. This will be the process for every person. Now, PGP software downloads the list of public keys. The concept is that out of the people who have digitally signed the identity certificate, some of them will be trusted by the sender (in varying degrees - complete trust, partial trust, or no trust). Thus, the accuracy of the public key can be estimated. This setting is user-configurable. A couple of issues crop up in this method for the
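
The validity calculation described in the answer to Q4(a), as an added example that is not part of the original assignment or of PGP's own code: it works out which keys on a keyring become valid from the signatures on their identity certificates and the trust the user has assigned to each signer, and it states a reason for every verdict so that the calculation is explicit to the user. The key names, the thresholds (one completely trusted or two partially trusted signers) and the absence of any limit on chain length are assumptions of this example.

```python
COMPLETE, PARTIAL, NONE = "complete", "partial", "none"

def count_signers(signers, valid, trust):
    """Split the signers whose own keys are valid by the trust placed in them."""
    usable = sorted(s for s in signers if s in valid)
    full = [s for s in usable if trust.get(s, NONE) == COMPLETE]
    part = [s for s in usable if trust.get(s, NONE) == PARTIAL]
    return full, part

def evaluate_keyring(signatures, owner_trust, own_key,
                     completes_needed=1, partials_needed=2):
    """Return {key_id: (is_valid, reason)} for the local user's keyring.

    signatures:  key_id -> key IDs that signed its identity certificate
    owner_trust: key_id -> trust level the local user assigned to that signer
    Thresholds are assumed defaults; the text only says they are configurable.
    """
    trust = {**owner_trust, own_key: COMPLETE}
    verdicts = {own_key: (True, "your own key")}  # holds only valid keys for now
    changed = True
    while changed:  # validity propagates, so repeat until nothing new is accepted
        changed = False
        for key, signers in signatures.items():
            if key in verdicts:
                continue
            full, part = count_signers(signers, verdicts, trust)
            if len(full) >= completes_needed:
                verdicts[key] = (True, f"signed by completely trusted {full}")
            elif len(part) >= partials_needed:
                verdicts[key] = (True, f"signed by partially trusted {part}")
            else:
                continue
            changed = True
    valid = set(verdicts)
    for key, signers in signatures.items():  # explain every rejected key as well
        if key not in valid:
            full, part = count_signers(signers, valid, trust)
            verdicts[key] = (False, f"{len(full)}/{completes_needed} complete, "
                                    f"{len(part)}/{partials_needed} partial; not counted: "
                                    f"{sorted(set(signers) - set(full) - set(part))}")
    return verdicts

# Constructed keyring: "mallory" is rated COMPLETE but her key was never validated.
SIGNATURES = {"alice": {"me"}, "bob": {"me"}, "carol": {"alice", "bob"},
              "dave": {"alice", "mallory"}, "erin": {"carol"}}
OWNER_TRUST = {"alice": PARTIAL, "bob": PARTIAL, "mallory": COMPLETE, "carol": NONE}

if __name__ == "__main__":
    for key, (ok, why) in evaluate_keyring(SIGNATURES, OWNER_TRUST, "me").items():
        print(f"{key:6} {'VALID' if ok else 'INVALID':8} {why}")
```

In the constructed keyring, dave stays invalid even though a completely trusted signer vouched for him, because that signer's own key is not valid, and erin stays invalid because her only signer has a valid key but no trust assigned.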