Human Aspects of Cryptography Adoption and Use

Graduate Course / CASA PhD Lecture, Ruhr University Bochum, 2022

  • Lecturer: Prof. Dr. Sasse
  • Language: German
  • Credits: 5 CP
  • Programs: M.Sc. IT-Security
  • Examination: 100 % Oral Exam (30 Minutes) + 10 % Homework

Learning Outcomes

The lecture aims to examine the reasons why

  1. cryptographic solutions – which experts agree offer good protection against most of the common attacks today – are not adopted by most individuals and organizations, and
  2. end-users, developers, and system administrators who use cryptographic solutions in some form frequently make mistakes that undermine security protection.

Course Description

In 1999, Whitten & Tygar’s seminal USENIX paper “Why Johnny Can’t Encrypt” established that people cannot use PGP encryption correctly, even with a graphical user interface and instruction. Over the past 20 years, there has been a string of Johnny papers on studies trying to encourage adoption or correct usage. The aim of this CASA lecture is to systematically examine the results of these studies and identify effective ways of promoting adoption and enabling correct use of cryptography.

  • Usability, utility and technology adoption
  • Security threat models and people’s mental models
  • Complexity or simplicity - who needs to know what?
  • Designing frictionless user journeys
  • Methods for testing and tweaking