1 / 39

Easy PGP

Easy PGP. Rick Carback, Emily Fetchko, Bryan Pass University of Maryland, Baltimore County 11-30-2005. Easy PGP. More users were: Able to complete given tasks correctly Willing to use our extension in the future Inability to make dangerous errors. Overview. Motivation

neith
Download Presentation

Easy PGP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Easy PGP Rick Carback, Emily Fetchko, Bryan Pass University of Maryland, Baltimore County 11-30-2005

  2. Easy PGP • More users were: • Able to complete given tasks correctly • Willing to use our extension in the future • Inability to make dangerous errors

  3. Overview • Motivation • New and Significant • Related Work • Making Easy PGP • Survey • Survey Results • Issues • Tradeoffs and Limitations • Easy PGP Vision/Future Work • Conclusions

  4. Motivation • Keys are hard to create and manage • Average user • Unlikely to understand purpose of keys • May not make appropriate decisions • People do not like following directions • “Blinking 12:00” • “Terms and Conditions” • Rebates & Product Registration

  5. E-mail Encryption is a pain to get working!

  6. Should it really be this hard? • Put yourself in a User’s shoes… • What is a Digital ID? • Shouldn’t I have one through hotmail or msn already? • Why does my recipient need one? • Software was current (all patches applied) • Shouldn’t they have fixed this if people actually used it? • How many people regularly use E-mail encryption? • Only 3 (of 20), ever, in our study • 1 continues to use it • Clearly it is too much hassle for its benefits!

  7. New and Significant • “E-mail Encryption your grandma can use!” • Idea of e-mail encryption as a web service • “Will people use this?” Vs. “How well can people use this?” • Secure, seamless key generation and management system • Completely transparent to user

  8. Related Work - Lessons Learned • Private Keys Aren’t • User’s typically copy them whenever and wherever needed • Especially if paid for • Options for insecurity • Left as an exercise for the user • Random Data?

  9. Tested PGP 5.0 Considered the best UI out there 1 of 12 used it correctly Most would not use it on their own. Definition: Usable Security Software Required tasks are known Tasks can be done No dangerous errors Continued use Related Work - Why Johnny Can’t Encrypt

  10. Related Work - Johnny 2 • Key management • BIG problem in usability • Simulated Key Continuity Management running a test similar to Johnny • Better task comprehension • Uncovered trust issues • Did Not: • Say if users would use it • Have a working prototype

  11. Related Work - Verisign • Provides Keys • Need to follow directions • Key server • Requires user to point to it • Local key management still a pain to set up and use • What about keys that are not from Verisign? • User is still unlikely to understand the purpose of keys • We do not think they need to know

  12. Related Work - STU III • “Push Button Security” for Phone • Exactly what we want for E-mail • We envision extending Easy PGP • Interoperability with existing key servers • Web service so users can set their options and send from anywhere

  13. Related Work - Enigmail • PGP Extension for Thunderbird (aka Sunbird/Firebird, based off of Mozilla/Netscape Communicator) • Front-end for GPG • Used as base for and tested against Easy PGP

  14. Problems with Enigmail • Encourages bad decisions • Too many options • Why can’t • We use our e-mail password by default? • A key be generated in the background? • With most secure options chosen by default

  15. Making Easy PGP • Extension Communicates with PHP script • Script is an interface to GPG (OpenPGP) • Just like Enigmail • Keys stored at server • Encryption happens at server

  16. Building the Extension • Extension built in XUL - a scripting language for mozilla • Not as robust as advertised • Combines XML, javascript, and CSS • Has a large learning curve associated with it • Two interfaces • Message Composing • Message Displaying

  17. Message Composer

  18. Message Display

  19. Code to send message • var cmdStr = "https://130.85.179.253/~bryan/ez_pgp.php?action=" + action + "&"; • cmdStr += "sender=" + gCurrentIdentity.email + "&"; • cmdStr += "receiver="; • cmdStr += getBasicRecipientEmails(gMsgCompose.compFields.to); • cmdStr += "&message="; • var editor = GetCurrentEditor(); • gEzPgpPageReq = new XMLHttpRequest(); • cmdStr += ezPgpSendableMessage(editor.rootElement.innerHTML); • gEzPgpPageReq.open("GET", cmdStr, false); • editor.rootElement.innerHTML = ""; • gEzPgpPageReq.send(null); • editor.insertText(gEzPgpPageReq.responseText);

  20. Header Element Example • <?xml version="1.0"?> • <?xml-stylesheet href="chrome://ezpgp/content/messageSafety.css" type="text/css"?> • <overlay xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" • xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"> • <vbox id="messagepanebox"> • <hbox id="msgSafetyView" insertafter="msgHeaderView" keywordrelated="true" originalclass="none" persist="state"> • <vbox flex="1"> • <!-- Collapsed Pane Details, shows the "short" safety message --> • <!-- Expanded Pane Details, shows the "long" safety message --> • </vbox> • </hbox> • </vbox> • <script type="application/x-javascript" src="chrome://ezpgp/content/msgSfeViewOverlay.js"/> • </overlay>

  21. Button CSS Example • toolbarbutton#easypgpencrypt-button • { • list-style-image: url("chrome://messenger/skin/messengercompose/compose-toolbar.png"); • -moz-image-region: rect(0px 120px 24px 96px); • } • toolbarbutton#easypgpsign-button • { • list-style-image: url("chrome://messenger/skin/icons/mail-toolbar.png"); • -moz-image-region: rect(0px 48px 24px 24px); • }

  22. PHP Script • case 'encrypt': • exec( "gpg --homedir $GPG_HOME --no-tty --encrypt -a -r $receiver -o $outfile $infile 2>&1",$output,$ret ); • break; • case 'decrypt': • exec( "echo \"defaultpassword\" | gpg --homedir $GPG_HOME --no-tty --passphrase-fd 0 --decrypt -u $receiver -o $outfile $infile 2>&1",$output,$ret ); • break;

  23. Survey • Four Parts • Pre-Questionnaire • E-mail Disclaimer • Directions • Post-Questionnaire • Notes were taken during every trial • Approx. completion time for each step • Things users had trouble with • Other Comments

  24. Survey Results • Correct Identification • Enigmail: 90% • EasyPGP: 97% • Ease of Use:

  25. Survey Results (cont.) • Avg Time to Complete (minutes): • Enigmail: 11.9,  = 4.969 • EasyPGP: 3.5,  = .806 • Continued Use: • Enigmail: 2.7,  = .781 • EasyPGP: 3.6,  = .663

  26. Issues • Is https secure enough? • Keys are no longer private if http server compromised • Only message contents in transit affected if SSL is vulnerable • Will it scale? • Inter-server communication • Trust issues are more prevalent here • No user verification, yet

  27. Tradeoffs and Limitations • Must unconditionally trust server • User choice is limited to what we choose • Service depends on network connectivity • DoS • Centralization makes encryption server a target • Security and Integrity of system must be maintained • Account hijacking

  28. Easy PGP Vision/Future Work • Web Service • Spread by users • “Want to read this message? Click here!” • “Invite a friend!” • Funded by Advertisement (Google, Yahoo, Hotmail, etc). • More options for advanced users • Preferred algorithm, multiple key levels, etc. • Trust levels • Identity Verification • User as untrusted until identity can be verified in some way • Post card to listed address • Public Records Lookup • Could be a “premium service”

  29. Conclusions • All e-mail encryption can be made easier • Not just PGP • Interface is not the issue • Setup and maintenance are! • Security as a Web Service

  30. References • Lessons Learned in Implementing and Deploying Crypto Software, Peter Gutmann, USENIX Security ‘02 • Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0, A. Whitten and J. D. Tygar • Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express, S. Garfinkel and R. Miller

More Related