Usable secure mailing lists with untrusted servers

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Usable secure mailing lists with untrusted servers

Full text

Pdf (886 KB)

Source

IDtrust; Vol. 373 archive
Proceedings of the 8th Symposium on Identity and Trust on the Internet table of contents

Gaithersburg, Maryland

SESSION: Usability table of contents

Pages 103-116

Year of Publication: 2009

ISBN:978-1-60558-474-4

Authors

Rakesh Bobba	University of Illinois, Urbana-Champaign
Joe Muggli	University of Illinois, Urbana-Champaign
Meenal Pant	University of Illinois, Urbana-Champaign
Jim Basney	University of Illinois, Urbana-Champaign
Himanshu Khurana	University of Illinois, Urbana-Champaign

Sponsors

: Internet2
: OASIS IDtrust Member Section
FPKIPA : Federal Public Key Infrastructure Policy Authority
: The National Institute of Standards and Technology

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 12, Downloads (12 Months): 87, Citation Count: 1

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1527017.1527032 What is a DOI?

ABSTRACT

Mailing lists are a natural technology for supporting messaging in multi-party, cross-domain collaborative tasks. However, whenever sensitive information is exchanged on such lists, security becomes crucial. We have earlier developed a prototype secure mailing list solution called SELS (Secure Email List Services) based on proxy encryption techniques [20], which enables the transformation of cipher-text from one key to another without revealing the plain-text. Emails exchanged using SELS are ensured confidentiality, integrity, and authentication. This includes ensuring their confidentiality while in transit at the list server; a functionality that is uniquely supported by SELS through proxy re-encryption. In this work we describe our efforts in studying and enhancing the usability of the software system and our experiences in supporting a production environment that currently is used by more than 50 users in 11 organizations. As evidence of its deployability, SELS is compatible with common email clients including Outlook, Thunderbird, Mac Mail, Emacs, and Mutt. As evidence of its usability, the software is being used by several national and international incident response teams.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Giuseppe Ateniese , Kevin Fu , Matthew Green , Susan Hohenberger, Improved proxy re-encryption schemes with applications to secure distributed storage, ACM Transactions on Information and System Security (TISSEC), v.9 n.1, p.1-30, February 2006 [doi>10.1145/1127345.1127346]
	2	M. Blaze, G. Bleumer, and M. Strauss. Divertible protocols and atomic proxy cryptography. In EUROCRYPT, pages 127--144, 1998.
	3	D. Boneh, C. Gentry, and B. Waters. Collusion resistant broadcast encryption with short ciphertexts and private keys. In Proceedings of International Cryptology Conference (CRYPTO), pages 258--275, 2005.
	4	J. Brooke. SUS: a quick and dirty usability scale. In P. W. Jordan, B. Thomas, B. A. Weerdmeester and A. L. McClelland (eds.). Usability Evaluation in Industry. London: Taylor and Francis., 1996.
	5	N. Brownlee , E. Guttman, Expectations for Computer Security Incident Response, RFC Editor, 1998
	6	J. Callas , L. Donnerhacke , H. Finney , R. Thayer, OpenPGP Message Format, RFC Editor, 1998
	7	Ran Canetti , Susan Hohenberger, Chosen-ciphertext secure proxy re-encryption, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA [doi>10.1145/1315245.1315269]
	8	Y.-P. Chiu, C.-L. Lei, and C.-Y. Huang. Secure multicast using proxy encryption. In International Conference on Information and Communications Security (ICICS), pages 280--290, 2005.
	9	Alexander J. DeWitt , Jasna Kuljis, Aligning usability and security: a usability study of Polaris, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania [doi>10.1145/1143120.1143122]
	10	L. Faulkner and D. Wick. Cross-user analysis: Benefits of skill level comparison in usability testing. Interacting with Computers, 17(6):773--786, 2005.
	11	Simson L. Garfinkel , David Margrave , Jeffrey I. Schiller , Erik Nordlander , Robert C. Miller, How to make secure email easier to use, Proceedings of the SIGCHI conference on Human factors in computing systems, April 02-07, 2005, Portland, Oregon, USA [doi>10.1145/1054972.1055069]
	12	Simson L. Garfinkel , Robert C. Miller, Johnny 2: a user test of key continuity management with S/MIME and Outlook Express, Proceedings of the 2005 symposium on Usable privacy and security, p.13-24, July 06-08, 2005, Pittsburgh, Pennsylvania [doi>10.1145/1073001.1073003]
	13	S. L. Garfinkel, J. I. Schiller, E. Nordlander, D. Margrave, and R. C. Miller. Views, Reactions and Impact of Digitally-Signed Mail in e-Commerce. In Financial Cryptography, pages 188--202, 2005.
	14	Shirley Gaw , Edward W. Felten , Patricia Fernandez-Kelly, Secrecy, flagging, and paranoia: adoption criteria in encrypted email, Proceedings of the SIGCHI conference on Human Factors in computing systems, April 22-27, 2006, Montréal, Québec, Canada [doi>10.1145/1124772.1124862]
	15	Matthew Green , Giuseppe Ateniese, Identity-Based Proxy Re-encryption, Proceedings of the 5th international conference on Applied Cryptography and Network Security, June 05-08, 2007, Zhuhai, China [doi>10.1007/978-3-540-72738-5_19]
	16	P. Hoffman, Enhanced Security Services for S/MIME, RFC Editor, 1999
	17	A.-A. Ivan and Y. Dodis. Proxy cryptography revisited. In Proceedings of the Network and Distributed System Security (NDSS) Symposium, 2003.
	18	Markus Jakobsson, On Quorum Controlled Asymmetric Proxy Re-encryption, Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography, p.112-121, March 01-03, 1999
	19	A. Kapadia, P. Tsang, and S. W. Smith. Attribute-Based Publishing with Hidden Credentials and Hidden Policies. In Proceedings of The 14th Annual Network and Distributed System Security Symposium (NDSS '07), February 2007.
	20	H. Khurana, J. Heo, and M. Pant. From proxy encryption primitives to a deployable secure-mailing-list solution. In International Conference on Information and Communications Security (ICICS), pages 260--281, 2006.
	21	Yongdae Kim , Adrian Perrig , Gene Tsudik, Tree-based group key agreement, ACM Transactions on Information and System Security (TISSEC), v.7 n.1, p.60-96, February 2004 [doi>10.1145/984334.984337]
	22	M. Mambo and E. Okamoto. Proxy cryptosystem: Delegation of the power to decrypt ciphertexts. IEICE Transaction on Fundamentals of Electronics, Communications and Computer Sciences, E80(A(1)):54--63, 1997.
	23	J. Nielsen. Novice vs. Expert Users. http://www.useit.com/alertbox/20000206.html, Feb 2000.
	24	J. Nielsen. Why You Only Need to Test With 5 Users. http://www.useit.com/alertbox/20000319.html, March 2000.
	25	J. Nielsen. Quantitative Studies: How Many Users to Test. http://www.useit.com/alertbox/quantitativetesting.html, June 2006.
	26	Jakob Nielsen , Thomas K. Landauer, A mathematical model of the finding of usability problems, Proceedings of the INTERACT '93 and CHI '93 conference on Human factors in computing systems, p.206-213, April 24-29, 1993, Amsterdam, The Netherlands [doi>10.1145/169059.169166]
	27	David Pinelle , Carl Gutwin, Groupware walkthrough: adding context to groupware usability evaluation, Proceedings of the SIGCHI conference on Human factors in computing systems: Changing our world, changing ourselves, April 20-25, 2002, Minneapolis, Minnesota, USA [doi>10.1145/503376.503458]
	28	Volker Roth , Tobias Straub , Kai Richter, Security and usability engineering with particular attention to electronic mail, International Journal of Human-Computer Studies, v.63 n.1-2, p.51-73, July 2005 [doi>10.1016/j.ijhcs.2005.04.015]
	29	T. S. Tulis and J. N. Stetson. A Comparison of Questionnaires for Assessing Website Usability. In Usability Professional Association Conference, 2004.
	30	W. Wei, X. Ding, and K. Chen. Multiplex encryption: A practical approach to encrypting multi-recipient emails. In International Conference on Information and Communications Security (ICICS), pages 269--279, 2005.
	31	M. J. West-Brown, D. Stikvoort, K.-P. Kossakowski, G. Killcrece, R. Ruefle, and M. Zajicek. Handbook for Computer Security Incident Response Teams (CSIRTs). CERT Handbook, CMU/SEI-2003-HB-002, April 2003.
	32	Alma Whitten , J. D. Tygar, Why Johnny can't encrypt: a usability evaluation of PGP 5.0, Proceedings of the 8th conference on USENIX Security Symposium, p.14-14, August 23-26, 1999, Washington, D.C.
	33	Chung Kei Wong , Mohamed Gouda , Simon S. Lam, Secure group communications using key graphs, IEEE/ACM Transactions on Networking (TON), v.8 n.1, p.16-30, Feb. 2000 [doi>10.1109/90.836475]
	34	J. Zhou. On the security of a multi-party certified email protocol. In International Conference on Information and Communications Security (ICICS), pages 40--52, 2004.
	35	Lidong Zhou , Michael A. Marsh , Fred B. Schneider , Anna Redz, Distributed Blinding for Distributed ElGamal Re-Encryption, Proceedings of the 25th IEEE International Conference on Distributed Computing Systems, p.824-824, June 06-10, 2005 [doi>10.1109/ICDCS.2005.24]