By Topic

A Case (Study) For Usability in Secure Email Communication

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Kapadia, A. ; Dartmouth College

As a network security researcher, the author finds it very disappointing that most users can't, or simply don't, secure their everyday Internet communications. For good reason, usability in security has received a fair deal of attention in the past few years. To push the issue further, the author decided to initiate his own informal case study on the usability and practical relevance of standard security mechanisms for email communication. The author focused my attention on available public-key cryptography techniques for digitally signing and encrypting email. His first step was to establish a public-private key pair to use with email. The author chose to use Secure/Multipurpose Internet Mail Extensions (S/MIME), a standard for signing and encrypting email, because it's already supported by popular email clients such as Apple Mail, Outlook Express, and Mozillas Thunderbird. Unlike S/MIME, the author found that pretty good privacy (PGP) and the GNU Privacy Guard (GPG) were unusable with nontechnical correspondents because it required them to install additional software. S/MIME, it seemed, was the better solution for these "everyday users", for whom the concepts of public-key infrastructure (PKI), PGP, certificates, keys, and so on remain elusive. Additionally, I decided to get my public key certified by Thawte (www.thawte.com), an online certificate authority (CA)

Published in:

Security & Privacy, IEEE  (Volume:5 ,  Issue: 2 )