Demjaha, A;
Spring, JM;
Becker, I;
Parkin, S;
Sasse, MA;
(2018)
Metaphors considered harmful? An exploratory study of the effectiveness of functional metaphors for end-to-end encryption.
In: Acar, Y and Patil, S, (eds.)
Proceedings of the NDSS Symposium 2018.
Internet Society: San Diego, CA, USA.
Preview |
Text
Demjaha-2018-metaphors-considered-harmful.pdf - Published Version Download (188kB) | Preview |
Abstract
Background: Research has shown that users do not use encryption and fail to understand the security properties which encryption provides. We hypothesise that one contributing factor to failed user understanding is poor explanations of security properties, as the technical descriptions used to explain encryption focus on structural mental models. Purpose: We methodically generate metaphors for end-to-end (E2E) encryption that cue functional models and develop and test the metaphors’ effect on users’ understanding of E2E-encryption. Data: Transcripts of 98 interviews with users of various E2Eencrypted messaging apps and 211 survey responses. Method: First, we code the user interviews and extract promising explanations. These user-provided explanations inform the creation of metaphors using a framework for generating metaphors adapted from literature. The generated metaphors and existing industry descriptions of E2E-encryption are analytically evaluated. Finally, we design and conduct a survey to test whether exposing users to these descriptions improves their understanding of the functionality provided by E2E-encrypted messaging apps. Results: While the analytical evaluation showed promising results, none of the descriptions tested in the survey improve understanding; descriptions frequently cue users in a way that undoes their previously correct understanding. Metaphors developed from user language are better than existing industry descriptions, in that ours cause less harm. Conclusion: Creating explanatory metaphors for encryption technologies is hard. Short statements that attempt to cue mental models do not improve participants’ understanding. Better solutions should build on our methodology to test a variety of potential metaphors, to understand both the improvement and harm that metaphors may elicit.
Type: | Proceedings paper |
---|---|
Title: | Metaphors considered harmful? An exploratory study of the effectiveness of functional metaphors for end-to-end encryption |
Event: | USEC 2018: Workshop on Usable Security, 18 February 2018, San Diego, California, USA |
Location: | San Diego, CA, USA |
Dates: | 18 February 2018 |
Open access status: | An open access version is available from UCL Discovery |
DOI: | 10.14722/usec.2018.23015 |
Publisher version: | https://doi.org/10.14722/usec.2018.23015 |
Language: | English |
Additional information: | This is the published version of record. For information on re-use, please refer to the publisher’s terms and conditions. |
UCL classification: | UCL UCL > Provost and Vice Provost Offices UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/10046820 |
Archive Staff Only
View Item |