The Usability of End-User Cryptographic Products

Slides: 35
Provided by: NKU

1
The Usability of End-User Cryptographic Products
  • Charles Frank
  • Northern Kentucky University

2
Examples
  • Veterans Administration loss of an unencrypted
    hard drive containing 1.8 million doctor and
    patient records
  • Privacy Rights Clearinghouse
  • Catalog of stolen and lost laptops and flash
    drives and hacker break-ins

3
Airport Insecurity
  • 12255 laptops lost per week in US airports
  • 19 have whole disk encryption
  • 19 have file encryption
  • 45 have password sign on
  • Airports do not have a good system to recover
    lost laptops

4
Cryptography
  • Can protect public disclosure of private
    information
  • Will not be used unless it is easy to use

5
Academic Literature
  • Why Johnny Can't Encrypt (1999)
  • Johnny 2 (2005)
  • No papers at the four annual Symposium on Usable
    Security and Privacy (SOUPS) conferences

6
Problem
  • Cryptography is not nearly as important as the
    task
  • Protecting data is secondary
  • Cryptographic products must be not only usable
    but transparent

7
All Storage Products
  • Encrypt
  • Drag and drop into volume
  • Save file into volume
  • Use AES algorithm
  • Standard and strong

8
CMS ABSplus External Hard Drive
  • USB 2.0 portable encrypted hard drive
  • 160GB 180
  • Must install CE-Secure from CD or download
  • Requiring Administrator privileges
  • Not secure by default
  • Drive does not automatically encrypt
  • User must reformat and use CE-Secure
  • Only works on Windows 2000

9
CMS ABSplus External Hard Drive
  • Plug in drive
  • Launch CE-Secure
  • Does not automatically launch when plugged in
  • Select available drive from drop down menu
  • Enter password

10
CMS ABSplus External Hard Drive
  • Passwords
  • Must be between 6 and 64 characters
  • Will accept "123456" and "password"
  • No limit to the number of password attempts
  • Susceptible to brute force password guessing
    attacks

11
IronKey
  • IronKey is a secure flash drive.
  • 1 GB drive costs 79 and an 8 GB drive costs
    199.
  • A standard 8GB USB flash drive costs around
    30.

12
IronKey

13
IronKey
  • Do not need Administrator Privilege
  • After ten incorrect password attempts, the
    device erases its contents and becomes unusable.
  • IronKey will mechanically destroy its memory if
    physical tampering occurs.
  • It works with Windows, Linux, and with some
    limitations Mac OS X.

14
IronKey
  • Requires a password of at least four characters.
  • Provides a method of determining the strength of
    the password.
  • Allows passwords such as "password" or "123456".
  • Get only 10 guesses!

15
Kanguru Defender
  • Hardware encrypted USB 2.0 flash drive.

16
Kanguru Defender
  • Plugging the drive into a machine activates a
    program, which prompts the user for a password.
  • No software is required to be installed on the
    machine.
  • Administrative privileges are not required.
  • Only works for Windows, versions 2000 and above.

17
Kanguru Defender
  • No limitations to the length of the password.
  • No check for password strength.
  • Does not limit the number of attempts at guessing
    the password.

18
TrueCrypt
  • Open Source
  • Downloaded for free
  • Uses encryption algorithms
      • AES, Serpent, and Twofish
      • Can be composed in any order
  • Requires Administrator privileges to mount
  • Windows 2000 and above, Mac OS X, and Ubuntu and
    OpenSuSE versions of Linux

19
TrueCrypt

20
TrueCrypt
  • Traveler Mode Option
  • Permits the use on any system
  • Self contained TrueCrypt program
  • Download .exe onto flash drive
  • Able to carry the encryption application on the
    portable storage device with an encrypted volume.

21
TrueCrypt
  • Keyfile Option
  • Can be stored separately from the encrypted
    volume on a flash drive
  • Protects against keyloggers and brute-force
    password guess attacks
  • Can use with Traveler Mode

22
TrueCrypt
  • TrueCrypt warns if the password
      • Is less than 20 characters
      • Is missing upper and lower-case letters, numbers,
        and special characters
  • Will accept
      • One-character password
      • Simple passwords such as "password" and "123456"
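
Added example (not part of the original presentation): the password slides for CMS ABSplus, IronKey, Kanguru Defender and TrueCrypt describe two separate controls, a password policy at setup and a limit on unlock attempts. The sketch below enforces both, turning TrueCrypt's warning criteria into rejections and applying IronKey's ten-attempt erase; `ToyVolume`, `policy_problems` and the PBKDF2 parameters are assumptions made for illustration, not any product's code.

```python
import hashlib
import hmac
import os
import string

COMMON = {"password", "123456"}  # the two weak passwords the slides tested
MIN_LENGTH = 20                  # TrueCrypt's warning threshold, per the slides
MAX_ATTEMPTS = 10                # IronKey's guess limit, per the slides
CLASSES = {"lower-case letter": string.ascii_lowercase,
           "upper-case letter": string.ascii_uppercase,
           "number": string.digits,
           "special character": string.punctuation}

def policy_problems(pw):
    """Return the reasons to refuse a password (empty list = acceptable)."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("common password")
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 20 characters")
    problems += ["missing " + name for name, chars in CLASSES.items()
                 if not set(pw) & set(chars)]
    return problems

class ToyVolume:
    """Hypothetical stand-in for an encrypted drive's unlock logic."""

    def __init__(self, pw, secret):
        problems = policy_problems(pw)
        if problems:  # refuse at setup instead of only warning
            raise ValueError("; ".join(problems))
        self._salt = os.urandom(16)
        self._verifier = self._derive(pw)
        self._secret, self.failures = secret, 0

    def _derive(self, pw):
        # Slow key derivation raises the cost of each offline guess.
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), self._salt, 100_000)

    def unlock(self, pw):
        if self._secret is None:
            raise RuntimeError("volume erased")
        if hmac.compare_digest(self._derive(pw), self._verifier):
            self.failures = 0
            return self._secret
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self._secret = None  # erase contents after the tenth wrong guess
        return None
```
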

23
Microsoft Windows EFS
  • Free - bundled with the Operating System
      • XP Professional
      • Vista Business, Enterprise, and Ultimate
  • Excludes home users from using this feature

24
Microsoft Windows EFS
  • Ophcrack Live CD on the Internet cracks Windows
    Passwords.
  • System Information for Windows checks the
    registry for passwords.
  • These could crack the Windows account and access
    the files encrypted using EFS.

25
Recommendation
  • Encrypt the local machine's hard drives with
    TrueCrypt, requiring a password to decrypt the
    Operating System
  • Requires IT support or following technical
    instructions
  • Would not be difficult to implement only in a new
    environment

26
Recommendations
  • Provide users with IronKey flash drives
  • Provides the highest level of security with the
    greatest usability
  • TrueCrypt encrypted drives with the use of a
    keyfile
  • Keyfile stored in a secure location separate from
    the actual hardware

27
Encrypted Emails
  • OpenPGP
      • More difficult: forces the user to deal with key
        management
      • Enigmail is a very usable implementation of
        OpenPGP
  • S/MIME
      • Designed to have keys centrally managed
      • Implemented as a standard feature in Firefox and
        Microsoft Outlook

28
S/MIME
  • Thawte offers free certification for email
    clients
  • Creating a key with Thawte is a 15 to 30 minute
    long process
  • Thawte has explicit support for Mozilla
    Firefox/Thunderbird and Microsoft Internet
    Explorer/Outlook

29
PGP Desktop
  • PGP Desktop Home
  • 99
  • Integrates with standard POP and IMAP email
    clients
  • PGP Desktop Email
  • 164
  • To use Outlook with a Microsoft Exchange server
    (proprietary MAPI protocol), it is necessary to
    purchase PGP Desktop Email.

30
PGP Desktop Security
  • If a message cannot be encrypted, PGP Desktop will
    send the message unencrypted after warning the user
    for approximately four seconds with a small tray
    popup, which can easily be overlooked.
  • After decrypting a message, the message is
    delivered to the client unencrypted. Therefore,
    if the user replies or forwards the message, it
    will be sent unencrypted.
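
Added example (not part of the original presentation): the two behaviours on this slide are fail-open defaults. The sketch below shows the fail-closed alternative, where a missing recipient key blocks the send and a reply to mail that arrived encrypted inherits the encryption requirement. All names (`Message`, `reply`, `prepare_outgoing`) and the addresses are hypothetical and constructed for illustration; no real mail or PGP API is used.

```python
from dataclasses import dataclass

class EncryptionRequired(Exception):
    """Raised instead of silently falling back to cleartext."""

@dataclass
class Message:
    to: list
    body: str
    must_encrypt: bool = False   # sender's intent, or inherited by a reply
    was_encrypted: bool = False  # set by the receiving side on decryption

def reply(original, body, sender):
    # A reply to mail that arrived encrypted inherits the requirement, so
    # decrypted text is never quoted back to the sender in cleartext.
    return Message(to=[sender], body=body, must_encrypt=original.was_encrypted)

def prepare_outgoing(msg, keyring, fail_open=False):
    """Return ("encrypted" | "cleartext", recipients) or raise.

    fail_open=True models the behaviour the slide describes: the message
    leaves in cleartext when a recipient key is missing.
    """
    missing = [r for r in msg.to if r not in keyring]
    if not missing:
        return ("encrypted", msg.to)
    if msg.must_encrypt and not fail_open:
        raise EncryptionRequired("no key for: " + ", ".join(missing))
    return ("cleartext", msg.to)
```
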

31
PGP Desktop Home Problems
  • We unintentionally sent messages in cleartext
    that were intended to be encrypted.
  • Receiving and sending encrypted or signed email
    is very slow.

32
Enigmail
  • Enigmail directly extends the functionality of
    Thunderbird
  • The data is stored encrypted.
  • When replying or forwarding a message, the
    encrypted version is sent.
  • Adds buttons to existing toolbar for
    encryption/decryption/signing

33
Email Recommendations
  • Use S/MIME if your email client supports it.
  • Registering with a Certificate Authority is the
    hardest part of this process

34
Future Research
  • Measuring encryption products' overhead
      • Speed
      • Size of encrypted files and emails
  • Do encryption products leave unencrypted
    information on the disk that can be found by
    forensic analysis?