Why Johnny the Developer Can't Work with Public Key Certificates: An Experimental Study of OpenSSL Usability

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F18%3A00100813" target="_blank" >RIV/00216224:14330/18:00100813 - isvavai.cz</a>

Výsledek na webu

<a href="https://link.springer.com/chapter/10.1007%2F978-3-319-76953-0_3" target="_blank" >https://link.springer.com/chapter/10.1007%2F978-3-319-76953-0_3</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-319-76953-0_3" target="_blank" >10.1007/978-3-319-76953-0_3</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Why Johnny the Developer Can't Work with Public Key Certificates: An Experimental Study of OpenSSL Usability

Popis výsledku v původním jazyce

There have been many studies exposing poor usability of security software for the common end user. However, only a few inspect the usability challenges faced by more knowledgeable users. We conducted an experiment to empirically assess usability of the command line interface of OpenSSL, a well known and widely used cryptographic library. Based on the results, we try to propose specific improvements that would encourage more secure behavior. We observed 87 developers/administrators at two certificate-related tasks in a controlled environment. Furthermore, we collected participant opinions on both the tool interface and available documentation. Based on the overall results, we deem the OpenSSL usability insufficient according to both user opinions and standardized measures. Moreover, the perceived usability seems to be correlated with previous experience and used resources. There was a great disproportion between the participant views of a successful task accomplishment and the reality. A general dissatisfaction with both OpenSSL interface and its manual page was shared among the majority of the participants. As hinted by a participant, OpenSSL gradually “turned into a complicated set of sharp kitchen knives” – it can perform various jobs very well, but laymen risk stabbing themselves in the process. This highlights the necessity of a usable design even for tools targeted at experienced users (Supplementary material available at crocs.fi.muni.cz/papers/rsa2018).

Název v anglickém jazyce

Why Johnny the Developer Can't Work with Public Key Certificates: An Experimental Study of OpenSSL Usability

Popis výsledku anglicky

There have been many studies exposing poor usability of security software for the common end user. However, only a few inspect the usability challenges faced by more knowledgeable users. We conducted an experiment to empirically assess usability of the command line interface of OpenSSL, a well known and widely used cryptographic library. Based on the results, we try to propose specific improvements that would encourage more secure behavior. We observed 87 developers/administrators at two certificate-related tasks in a controlled environment. Furthermore, we collected participant opinions on both the tool interface and available documentation. Based on the overall results, we deem the OpenSSL usability insufficient according to both user opinions and standardized measures. Moreover, the perceived usability seems to be correlated with previous experience and used resources. There was a great disproportion between the participant views of a successful task accomplishment and the reality. A general dissatisfaction with both OpenSSL interface and its manual page was shared among the majority of the participants. As hinted by a participant, OpenSSL gradually “turned into a complicated set of sharp kitchen knives” – it can perform various jobs very well, but laymen risk stabbing themselves in the process. This highlights the necessity of a usable design even for tools targeted at experienced users (Supplementary material available at crocs.fi.muni.cz/papers/rsa2018).

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/GBP202%2F12%2FG061" target="_blank" >GBP202/12/G061: Centrum excelence - Institut teoretické informatiky (CE-ITI)</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2018

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Topics in Cryptology – CT-RSA 2018: The Cryptographers' Track at the RSA Conference 2018

ISBN

9783319769523

ISSN

0302-9743

e-ISSN

—

Počet stran výsledku

20

Strana od-do

45-64

Název nakladatele

Springer International Publishing

Místo vydání

Švýcarsko

Místo konání akce

San Francisco, USA

Datum konání akce

16. 4. 2018

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000445246500003