MessageGuard: Retrofitting the Web with User-to-user Encryption

Authors: Daniel Zappala, Scott Ruoti, Kent Seamons

Abstract: Users today share a great deal of private information on the Web. While HTTPS protects this data during transmission, it does not protect data at rest, nor does it protect user data from the websites which store or transmit that data. These issues can be addressed with user-to-user encryption, an approach where data is encrypted and decrypted at the user's computer and is opaque to websites. In this paper we present MessageGuard, the first system that retrofits the Web with user-to-user encryption and is designed to work with all websites, in all browsers, on all platforms. We demonstrate that MessageGuard operates out-of-the-box on 47 of the Alexa top 50 sites, has minimal performance overhead, and is rated as highly usable by study participants.

References (28)
James Miller, Philip Kortum, Aaron Bangor. Determining what individual SUS scores mean: adding an adjective rating scale. Journal of Usability Studies archive, vol. 4, pp. 114-123 (2009).
Alma Whitten, J. D. Tygar. Why Johnny can't encrypt: a usability evaluation of PGP 5.0. USENIX Security Symposium, pp. 14-14 (1999).
Nik Unger, Sergej Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg, Matthew Smith. SoK: Secure Messaging. 2015 IEEE Symposium on Security and Privacy, pp. 232-249 (2015). 10.1109/SP.2015.22
Timothy W. van der Horst, Kent Eldon Seamons. Encrypted email based upon trusted overlays (2009).
Daniel Zappala, Scott Ruoti, Kent E. Seamons, Jeff Andersen. Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client. arXiv: Cryptography and Security (2015).
Shirley Gaw, Edward W. Felten, Patricia Fernandez-Kelly. Secrecy, flagging, and paranoia: adoption criteria in encrypted email. Human Factors in Computing Systems, pp. 591-600 (2006). 10.1145/1124772.1124862
Chris Robison, Scott Ruoti, Timothy W. van der Horst, Kent E. Seamons. Private Facebook Chat. Privacy Security Risk and Trust, pp. 451-460 (2012). 10.1109/SOCIALCOM-PASSAT.2012.58
Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith. Confidentiality as a Service -- Usable Security for the Cloud. Trust Security and Privacy in Computing and Communications, pp. 153-162 (2012). 10.1109/TRUSTCOM.2012.112
Ian D. Foster, Jon Larson, Max Masich, Alex C. Snoeren, Stefan Savage, Kirill Levchenko. Security by Any Other Name: On the Effectiveness of Provider Based Email Security. Computer and Communications Security, pp. 450-464 (2015). 10.1145/2810103.2813607
Dongseok Jang, Ranjit Jhala, Sorin Lerner, Hovav Shacham. An empirical study of privacy-violating information flows in JavaScript web applications. Computer and Communications Security, pp. 270-283 (2010). 10.1145/1866307.1866339