UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Metaphors considered harmful? An exploratory study of the effectiveness of functional metaphors for end-to-end encryption

Demjaha, A; Spring, JM; Becker, I; Parkin, S; Sasse, MA; (2018) Metaphors considered harmful? An exploratory study of the effectiveness of functional metaphors for end-to-end encryption. In: Acar, Y and Patil, S, (eds.) Proceedings of the NDSS Symposium 2018. Internet Society: San Diego, CA, USA. Green open access

[thumbnail of Demjaha-2018-metaphors-considered-harmful.pdf]
Preview
Text
Demjaha-2018-metaphors-considered-harmful.pdf - Published Version

Download (188kB) | Preview

Abstract

Background: Research has shown that users do not use encryption and fail to understand the security properties which encryption provides. We hypothesise that one contributing factor to failed user understanding is poor explanations of security properties, as the technical descriptions used to explain encryption focus on structural mental models. Purpose: We methodically generate metaphors for end-to-end (E2E) encryption that cue functional models and develop and test the metaphors’ effect on users’ understanding of E2E-encryption. Data: Transcripts of 98 interviews with users of various E2Eencrypted messaging apps and 211 survey responses. Method: First, we code the user interviews and extract promising explanations. These user-provided explanations inform the creation of metaphors using a framework for generating metaphors adapted from literature. The generated metaphors and existing industry descriptions of E2E-encryption are analytically evaluated. Finally, we design and conduct a survey to test whether exposing users to these descriptions improves their understanding of the functionality provided by E2E-encrypted messaging apps. Results: While the analytical evaluation showed promising results, none of the descriptions tested in the survey improve understanding; descriptions frequently cue users in a way that undoes their previously correct understanding. Metaphors developed from user language are better than existing industry descriptions, in that ours cause less harm. Conclusion: Creating explanatory metaphors for encryption technologies is hard. Short statements that attempt to cue mental models do not improve participants’ understanding. Better solutions should build on our methodology to test a variety of potential metaphors, to understand both the improvement and harm that metaphors may elicit.

Type: Proceedings paper
Title: Metaphors considered harmful? An exploratory study of the effectiveness of functional metaphors for end-to-end encryption
Event: USEC 2018: Workshop on Usable Security, 18 February 2018, San Diego, California, USA
Location: San Diego, CA, USA
Dates: 18 February 2018
Open access status: An open access version is available from UCL Discovery
DOI: 10.14722/usec.2018.23015
Publisher version: https://doi.org/10.14722/usec.2018.23015
Language: English
Additional information: This is the published version of record. For information on re-use, please refer to the publisher’s terms and conditions.
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: https://discovery.ucl.ac.uk/id/eprint/10046820
Downloads since deposit
638Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item