research-article

Adoption Challenges for Cryptographic Protocols

Published: 01 November 2024

Abstract

We interviewed cryptography experts from academia and industry to learn from their experiences with the design and deployment of cryptographic protocols. We present adoption challenges, including misaligned incentives in academia and standardization, mismatched assumptions, low-quality reference implementations, and usability issues.

Published In

IEEE Security and Privacy, Volume 22, Issue 6
Nov.-Dec. 2024
100 pages

Publisher

IEEE Educational Activities Department

United States
