An introduction to security challenges in user-facing cryptographic software

Paul, Greig and Irvine, James (2017) An introduction to security challenges in user-facing cryptographic software. In: Cybersecurity and Privacy - Bridging the Gap. River Publishers, Aalborg, pp. 15-39. ISBN 9788793519664

Full text not available in this repository.

Abstract

One of the key challenges in the development of secure software is the tradeoff between usability and security. Often, many of the rigorous requirements of a strong cryptographic implementation appear to be at odds with consumer requirements and desires. Non-technical users typically desire a straightforward user interface which does not require them to learn any special skills to use the application, yet also expect the application to offer them adequate protection [30]. There is, however, very little that an average user can do to ensure the security of the underlying technical implementation of security software they run, presenting a major challenge for users left unable to conveniently verify that the software works as expected. The intersection of the technical requirements for cryptography, and consumers’ desires for usability, introduces a number of opportunities for security weaknesses to emerge within the design of security software. A desire for convenience has been widely recognised as resulting in poor security practices, such as in the selection of passwords [31], which is of particular concern where user passwords are used for the generation of encryption keys for data.