An introduction to security challenges in user-facing cryptographic software

Research output: Chapter in Book/Report/Conference proceeding › Chapter (peer-reviewed)

Abstract

One of the key challenges in the development of secure software is the tradeoff between usability and security. Often, many of the rigorous requirements of a strong cryptographic implementation appear to be at odds with consumer requirements and desires. Non-technical users typically desire a straightforward user interface which does not require them to learn any special skills to use the application, yet also expect the application to offer them adequate protection [30]. There is, however, very little that an average user can do to ensure the security of the underlying technical implementation of security software they run, presenting a major challenge for users left unable to conveniently verify that the software works as expected. The intersection of the technical requirements for cryptography, and consumers’ desires for usability, introduces a number of opportunities for security weaknesses to emerge within the design of security software. A desire for convenience has been widely recognised as resulting in poor security practices, such as in the selection of passwords [31], of particular concern where user passwords are used for the generation of encryption keys for data.
Language: English
Title of host publication: Cybersecurity and Privacy - Bridging the Gap
Editors: Khajuria Samant, Lene Sørensen, Knud Erik Skouby
Place of Publication: Aalborg
Pages: 15-39
Number of pages: 25
State: Published - 31 Mar 2017

Keywords

  • cryptographic software
  • security
  • user interface

Cite this

Paul, G., & Irvine, J. (2017). An introduction to security challenges in user-facing cryptographic software. In K. Samant, L. Sørensen, & K. E. Skouby (Eds.), Cybersecurity and Privacy - Bridging the Gap (pp. 15-39). Aalborg.
@inbook{9a5cb03fdf294c92a64de9b0a78b51a8,
title = "An introduction to security challenges in user-facing cryptographic software",
keywords = "cryptographic software, security, user interface",
author = "Greig Paul and James Irvine",
year = "2017",
month = "3",
day = "31",
language = "English",
isbn = "9788793519664",
pages = "15--39",
editor = "{Samant }, Khajuria and Lene S{\o}rensen and Skouby, {Knud Erik}",
booktitle = "Cybersecurity and Privacy - Bridging the Gap",

}

TY - CHAP
T1 - An introduction to security challenges in user-facing cryptographic software
AU - Paul,Greig
AU - Irvine,James
PY - 2017/3/31
Y1 - 2017/3/31
KW - cryptographic software
KW - security
KW - user interface
UR - https://www.riverpublishers.com/book_details.php?book_id=434
M3 - Chapter (peer-reviewed)
SN - 9788793519664
SP - 15
EP - 39
BT - Cybersecurity and Privacy - Bridging the Gap
CY - Aalborg
ER -
