Human Aspects in Secure Messaging
Human Aspects in Secure Messaging
Dokument öffnen (5.9MB)Art der Hochschulschrift
DissertationPrüfungsdatum
29.04.2025Datum der Veröffentlichung
05.06.2025Erstgutachter
Smith, MatthewZweitgutachter
Meier, MichaelMetadaten
Zur Langanzeige
Zitierbare Links 
Inhalt
The widespread adoption of digital communication demands robust security and privacy protections, particularly through secure messaging systems that can protect personal and sensitive information. Despite advancements in end-to-end security, encryption, and anonymity, significant gaps remain in usability and user trust, limiting widespread adoption. This cumulative dissertation examines the human aspects of secure messaging systems through four peer-reviewed studies, addressing fundamental challenges in usability, trust establishment, and practical implementations.
Diverse methodological approaches drive the research, including systematic protocol analysis with a focus on human aspects, large-scale empirical studies, and qualitative investigations, alongside the proposal and evaluation of improved technical implementations. First, a comprehensive systematization of knowledge establishes a unified framework for evaluating secure messaging protocols and “in-the-wild” tools, investigating critical gaps in current approaches. Second, an empirical study with 1047 participants examines fingerprint representation approaches for trust establishment. Third, qualitative research explores potential misconceptions in user mental models and trust for end-to-end security in general. Finally, a novel hardware-based approach utilizing NFC-enabled wearables demonstrates practical solutions for simplifying cryptographic key management while maintaining security.
Key findings indicate that (1) trust establishment remains the cornerstone of secure messaging, as it requires user interaction and underpins the entire security guarantees; failure in this area compromises the system entirely. (2) traditional hex-based fingerprint representations significantly underperform in both attack detection and perceived usability compared to the proposed sentence-based representation, but also numeric representation, as commonly used outside cryptographic contexts, also proving more effective; (3) users mistrust messaging platforms and security features in general and substantially overestimate attackers while underestimating cryptographic capabilities; and (4) less invasive security mechanisms as with using wearables show promise for broader adoption. The findings align with current developments in secure messaging applications, where similar verification approaches are used.
This work advances the field of usable security by bridging theoretical understanding with practical implementation, contributing to the development of more effective and accessible secure communication systems. The findings provide guidance for designing next-generation secure messaging solutions that balance robust security with user needs and capabilities.
Diverse methodological approaches drive the research, including systematic protocol analysis with a focus on human aspects, large-scale empirical studies, and qualitative investigations, alongside the proposal and evaluation of improved technical implementations. First, a comprehensive systematization of knowledge establishes a unified framework for evaluating secure messaging protocols and “in-the-wild” tools, investigating critical gaps in current approaches. Second, an empirical study with 1047 participants examines fingerprint representation approaches for trust establishment. Third, qualitative research explores potential misconceptions in user mental models and trust for end-to-end security in general. Finally, a novel hardware-based approach utilizing NFC-enabled wearables demonstrates practical solutions for simplifying cryptographic key management while maintaining security.
Key findings indicate that (1) trust establishment remains the cornerstone of secure messaging, as it requires user interaction and underpins the entire security guarantees; failure in this area compromises the system entirely. (2) traditional hex-based fingerprint representations significantly underperform in both attack detection and perceived usability compared to the proposed sentence-based representation, but also numeric representation, as commonly used outside cryptographic contexts, also proving more effective; (3) users mistrust messaging platforms and security features in general and substantially overestimate attackers while underestimating cryptographic capabilities; and (4) less invasive security mechanisms as with using wearables show promise for broader adoption. The findings align with current developments in secure messaging applications, where similar verification approaches are used.
This work advances the field of usable security by bridging theoretical understanding with practical implementation, contributing to the development of more effective and accessible secure communication systems. The findings provide guidance for designing next-generation secure messaging solutions that balance robust security with user needs and capabilities.
Bemerkung
In reference to IEEE copyrighted material which is used with permission in this thesis, the IEEE does not endorse any of University of Bonn's products or services. Internal or personal use of this material is permitted. If interested in reprinting/republishing IEEE copyrighted material for advertising or promotional purposes or for creating new collective works for resale or redistribution, please go to http://www.ieee.org/publications_standards/publications/rights/rights_link.html to learn how to obtain a License from RightsLink.Schlagwörter
secure messaging, usable security
Klassifikation (DDC)
004 InformatikDechand, Sergej: Human Aspects in Secure Messaging. - Bonn, 2025. - Dissertation, Rheinische Friedrich-Wilhelms-Universität Bonn.
Online-Ausgabe in bonndoc: https://nbn-resolving.org/urn:nbn:de:hbz:5-82661
Online-Ausgabe in bonndoc: https://nbn-resolving.org/urn:nbn:de:hbz:5-82661
@phdthesis{handle:20.500.11811/13121,
urn: https://nbn-resolving.org/urn:nbn:de:hbz:5-82661,
author = {{Sergej Dechand}},
title = {Human Aspects in Secure Messaging},
school = {Rheinische Friedrich-Wilhelms-Universität Bonn},
year = 2025,
month = jun,
note = {The widespread adoption of digital communication demands robust security and privacy protections, particularly through secure messaging systems that can protect personal and sensitive information. Despite advancements in end-to-end security, encryption, and anonymity, significant gaps remain in usability and user trust, limiting widespread adoption. This cumulative dissertation examines the human aspects of secure messaging systems through four peer-reviewed studies, addressing fundamental challenges in usability, trust establishment, and practical implementations.
Diverse methodological approaches drive the research, including systematic protocol analysis with a focus on human aspects, large-scale empirical studies, and qualitative investigations, alongside the proposal and evaluation of improved technical implementations. First, a comprehensive systematization of knowledge establishes a unified framework for evaluating secure messaging protocols and “in-the-wild” tools, investigating critical gaps in current approaches. Second, an empirical study with 1047 participants examines fingerprint representation approaches for trust establishment. Third, qualitative research explores potential misconceptions in user mental models and trust for end-to-end security in general. Finally, a novel hardware-based approach utilizing NFC-enabled wearables demonstrates practical solutions for simplifying cryptographic key management while maintaining security.
Key findings indicate that (1) trust establishment remains the cornerstone of secure messaging, as it requires user interaction and underpins the entire security guarantees; failure in this area compromises the system entirely. (2) traditional hex-based fingerprint representations significantly underperform in both attack detection and perceived usability compared to the proposed sentence-based representation, but also numeric representation, as commonly used outside cryptographic contexts, also proving more effective; (3) users mistrust messaging platforms and security features in general and substantially overestimate attackers while underestimating cryptographic capabilities; and (4) less invasive security mechanisms as with using wearables show promise for broader adoption. The findings align with current developments in secure messaging applications, where similar verification approaches are used.
This work advances the field of usable security by bridging theoretical understanding with practical implementation, contributing to the development of more effective and accessible secure communication systems. The findings provide guidance for designing next-generation secure messaging solutions that balance robust security with user needs and capabilities.},
url = {https://hdl.handle.net/20.500.11811/13121}
}
urn: https://nbn-resolving.org/urn:nbn:de:hbz:5-82661,
author = {{Sergej Dechand}},
title = {Human Aspects in Secure Messaging},
school = {Rheinische Friedrich-Wilhelms-Universität Bonn},
year = 2025,
month = jun,
note = {The widespread adoption of digital communication demands robust security and privacy protections, particularly through secure messaging systems that can protect personal and sensitive information. Despite advancements in end-to-end security, encryption, and anonymity, significant gaps remain in usability and user trust, limiting widespread adoption. This cumulative dissertation examines the human aspects of secure messaging systems through four peer-reviewed studies, addressing fundamental challenges in usability, trust establishment, and practical implementations.
Diverse methodological approaches drive the research, including systematic protocol analysis with a focus on human aspects, large-scale empirical studies, and qualitative investigations, alongside the proposal and evaluation of improved technical implementations. First, a comprehensive systematization of knowledge establishes a unified framework for evaluating secure messaging protocols and “in-the-wild” tools, investigating critical gaps in current approaches. Second, an empirical study with 1047 participants examines fingerprint representation approaches for trust establishment. Third, qualitative research explores potential misconceptions in user mental models and trust for end-to-end security in general. Finally, a novel hardware-based approach utilizing NFC-enabled wearables demonstrates practical solutions for simplifying cryptographic key management while maintaining security.
Key findings indicate that (1) trust establishment remains the cornerstone of secure messaging, as it requires user interaction and underpins the entire security guarantees; failure in this area compromises the system entirely. (2) traditional hex-based fingerprint representations significantly underperform in both attack detection and perceived usability compared to the proposed sentence-based representation, but also numeric representation, as commonly used outside cryptographic contexts, also proving more effective; (3) users mistrust messaging platforms and security features in general and substantially overestimate attackers while underestimating cryptographic capabilities; and (4) less invasive security mechanisms as with using wearables show promise for broader adoption. The findings align with current developments in secure messaging applications, where similar verification approaches are used.
This work advances the field of usable security by bridging theoretical understanding with practical implementation, contributing to the development of more effective and accessible secure communication systems. The findings provide guidance for designing next-generation secure messaging solutions that balance robust security with user needs and capabilities.},
url = {https://hdl.handle.net/20.500.11811/13121}
}
Die folgenden Nutzungsbestimmungen sind mit dieser Ressource verbunden:
