Mai, A. (2022). Mental models of cryptographic protocols from different stakeholder perspectives [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2023.110704
E194 - Institut für Information Systems Engineering
Date (published): 2022
Number of Pages: 148
Keywords: Usable security; mental models; user studies; cryptographic protocols
Abstract:
Nowadays, online interactions and connected information technologies play an increasingly central role. There is a plethora of personal information available via the Internet, which is accessible to anyone if no protective mechanisms are applied. In order to protect this information, as well as other online interactions, there are cryptographic protocols that prevent or reduce the risk of privacy and security intrusions (e.g., leakage of personal information or monetary losses). A variety of people come in contact with cryptographic protocols, ranging from experts to end-users. The stakeholders of cryptographic protocols have different levels of technical experience and knowledge. Thus, they are confronted with applications and complex algorithms that they do not (fully) understand, leading to wrong assumptions and insecure usage or implementations. Therefore, it is especially important to include the human factor in the development of cryptographic protocol-based applications in order to prevent security and privacy threats rooted in poor usability. The goal of this thesis is to explore how different stakeholders perceive systems based on cryptographic protocols and how these perceptions affect the user's security and privacy. The systems investigated in this thesis are the Internet itself and its current standard communication protocol, HTTPS. Furthermore, cryptocurrency systems and Self-Sovereign Identity systems, which are both (partially) built on blockchain technology, are investigated. The findings of this thesis contribute to making these complex systems more user-friendly and adapting them to the needs and perceptions of the users in order to enable secure and privacy-preserving handling of these technologies.