Abstract
Several end-to-end encryption technologies for emails such as PGP and S/MIME exist since decades. However, end-to-end encryption is barely applied. To understand why users hesitate to secure their email communication and which usability issues they face with PGP, S/MIME as well as with pEp (Pretty Easy Privacy), a fairly new technology, we conducted an online survey and user testing. We found that more than 60% of e-mail users are unaware of the existence of such encryption technologies and never tried to use one. We observed that above all, users are overwhelmed with the management of public keys and struggle with the setup of encryption technology in their mail software. Even though users struggle to put email encryption into practice, we experienced roughly the same number of users being aware of the importance of email encryption. Particularly, we found that users are very concerned about identity theft, as 78% want to make sure that no other person is able to write email in their name.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Green, M.: The daunting challenge of secure e-mail. https://www.newyorker.com/tech/annals-of-technology/the-daunting-challenge-of-secure-e-mail. Accessed 13 Feb 2019
Atkins, D., Stallings, W., Zimmermann, P.: PGP Message Exchange Formats. RFC 1991 (Informational), August 1996. Obsoleted by RFC 4880
Ramsdell, B.: S/MIME Version 3 Message Specification. RFC 2633 (Proposed Standard), June 1999. Obsoleted by RFC 3851
pEp Security: Pretty Easy Privacy. https://www.pep.security/. Accessed 13 Feb 2019
Elkins, M., Torto, D.D., Levien, R., Roessler, T.: MIME security with OpenPGP. RFC 3156 (Proposed Standard), August 2001
Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, R.: OpenPGP message format. RFC 4880 (Proposed Standard), November 2007. Updated by RFC 5581
Wikipedia: Pretty good privacy. https://en.wikipedia.org/wiki/Pretty_Good_Privacy/. Accessed 13 Feb 2019
Lake, J.: What is PGP encryption and how does it work? https://en.wikipedia.org/wiki/Pretty_Good_Privacy/. Accessed 13 Feb 2019
Protonmail: What are PGP/MIME and PGP/Inline? https://protonmail.com/support/knowledge-base/pgp-mime-pgp-inline/. Accessed 13 Feb 2019
Borenstein, N., Freed, N.: MIME (Multipurpose Internet Mail Extensions) part one: mechanisms for specifying and describing the format of internet message bodies. RFC 1521 (Draft Standard), September 1993. Obsoleted by RFCs 2045, 2046, 2047, 2048, 2049, updated by RFC 1590
R. Laboratories: Cryptographic message syntax standard (1993). https://ipsec.pl/files/ipsec/Archiwum/pkcs-7.pdf
pEp foundation council: Pretty easy privacy whitepaper, 18 July 2018. https://pep.foundation/docs/pEp-whitepaper.pdf. Accessed 13 Feb 2019
Marques, H.: Pretty easy privacy: email formats and protocols, 18 July 2016. https://tools.ietf.org/html/draft-marques-pep-email-02. Accessed 13 Feb 2019
Marques, H., Hoeneisen, B.: Iana registration of trustword lists: guide, template and iana considerations, 26 June 2018. https://tools.ietf.org/html/draft-marques-pep-email-02. Accessed 13 Feb 2019
Marques, H., Hoeneisen, B.: Pretty easy privacy: contact and channel authentication through handshake. https://tools.ietf.org/html/draft-marques-pep-handshake-00. Accessed 13 Feb 2019
pEp security AG: pep official documentation - general information. https://www.pep.security/docs/general_information.html. Accessed 13 Feb 2019
Furnell, S.M., Clarke, N., Moecke, C.T., Volkamer, M.: Usable secure email communications - criteria and evaluation of existing approaches (2012)
Lerner, A., Zeng, E., Roesner, F.: Confidante: usable encrypted email a case study with lawyers and journalists (2017)
Clark, J., van Oorschot, P., Ruoti, S., Seamons, K., Zappala, D.: Securing email (2018)
Ruoti, S., Andersen, J., Monson, T., Zappala, D., Seamons, K.: A comparative usability study of key management in secure email (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Reuter, A., Boudaoud, K., Winckler, M., Abdelmaksoud, A., Lemrazzeq, W. (2020). Secure Email - A Usability Study. In: Bernhard, M., et al. Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science(), vol 12063. Springer, Cham. https://doi.org/10.1007/978-3-030-54455-3_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-54455-3_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-54454-6
Online ISBN: 978-3-030-54455-3
eBook Packages: Computer ScienceComputer Science (R0)