SecUCP

Applied Methods for Secure and Usable Cryptographic Protocols

This project examines the lack of usable systems for developers and administrators that need to handle complex cryptographic communication protocols. This project will help to achieve a usable and secure digital communication system, thus contributing to a networked industry that still ensures the security and privacy of all communication partners.

Project Outline

Developers and administrators need to handle complex cryptographic communication protocols, but currently lack usable systems to cope with this task. Therefore, this project examines the most recent challenges and offers prototypes and guidelines as a solution to these difficulties. In order to implement and establish these solutions, different types of user studies with developers and administrators will be conducted. The novelty of this research project lies in the enhancement of the HTTPS configuration framework, a quantitative study of TLS usability issues, and the creation of a concept for usable key management systems. In this way, the proposed project provides valuable insights in the usability challenges of cryptographic communication protocols and significantly improves their security.

Motivation

In today’s always-online society, communication is shifting from face-to-face into the digital domain. Therefore, it is important that the underlying hard- and software infrastructure is provided with the same, if not even better, protection as its analogue counterpart. The foundation to secure digital communication are cryptographic protocols, which protect sensitive information against unauthorized modification, processing, destruction and reading. Due to the complexity of these protocols, knowledgeable users (administrators and developers) are confronted with cryptographic algorithms and tools that they do not fully understand. Therefore, developers and administrators experience encryption and key management as a burden, which often leads to faulty implementations. Although there are some attempts to facilitate those challenges (e.g., Let’s Encrypt helps to configure HTTPS), there are still many usability challenges to consider.

Further Information

• This FFG programme is sponsored by Nationalstiftung für Forschung, Technologie und Entwicklung and Österreich-Fonds. The focus lies on funding industrial PhD projects to improve qualifications of research and innovation staff in companies and non-university research institutions.  An Industrial PhD project is performed by an employee of an Austrian company/non-university research institution, who is enrolled as a PhD student at a university during the whole project.