Making Encryption Feel Secure: Investigating how Descriptions of Encryption Impact Perceived Security

Verena Distler, Carine Lallemand, Vincent Koenig

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

Abstract

When communication about security to end users is ineffective, people frequently misinterpret the protection offered by a system. The discrepancy between the security users perceive a system to have and the actual system state can lead to potentially risky behaviors. It is thus crucial to understand how security perceptions are shaped by interface elements such as text-based descriptions of encryption. This article addresses the question of how encryption should be described to non-experts in a way that enhances perceived security. We tested the following within-subject variables in an online experiment (N=309): a) how to best word encryption, b) whether encryption should be described with a focus on the process or outcome, or both c) whether the objective of encryption should be mentioned d) when mentioning the objective of encryption, how to best describe it e) whether a hash should be displayed to the user. We also investigated the role of context (between subjects). The verbs "encrypt"and "secure"performed comparatively well at enhancing perceived security. Overall, participants stated that they felt more secure not knowing about the objective of encryption. When it is necessary to state the objective, positive wording of the objective of encryption worked best. We discuss implications and why using these results to design for perceived lack of security might be of interest as well. This leads us to discuss ethical concerns, and we give guidelines for the design of user interfaces where encryption should be communicated to end users.

Original languageEnglish
Title of host publicationProceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020
PublisherInstitute of Electrical and Electronics Engineers
Pages220-229
Number of pages10
ISBN (Electronic)9781728185972
DOIs
Publication statusPublished - Sep 2020
Event5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020 - Virtual, Genoa, Italy
Duration: 7 Sep 202011 Sep 2020

Publication series

NameProceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020

Conference

Conference5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020
CountryItaly
CityVirtual, Genoa
Period7/09/2011/09/20

Keywords

  • Encryption
  • Usable Security and Privacy
  • User Experience

Fingerprint Dive into the research topics of 'Making Encryption Feel Secure: Investigating how Descriptions of Encryption Impact Perceived Security'. Together they form a unique fingerprint.

Cite this