Abstract
End-to-end encryption (E2EE) of everyday communication plays an essential role in protecting citizens from mass surveillance. The especially vulnerable group of children and young adolescents move quickly between chat apps and use them frequently and intensively. Yet they have had the least time to learn about online security compared to other age groups. In a two-part study conducted with four classes at a junior high school (\(N = 86\) students, ages 12–16), we examined perceptions of security and privacy threats related to chat apps and understanding of E2EE using a questionnaire. A pre-post measure allowed us to examine how a short instruction video shown in class to explain the concept of E2EE and how it works in chat apps affected students’ security understanding and threat perceptions. Our results show that students are aware of a variety of online threats but they are not familiar with the term E2EE. After the instruction, students gained confidence in explaining the concept of encryption and their understanding of the security features of E2EE improved. Our results also show that explanation of threats and E2EE can shift the intention of some participants towards tools that offer more protection.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Opportunistic E2EE: A system where users do not verify the correctness of their encryption keys for a given contact. The key server has to be trusted by users.
References
Abu-Salma, R., Redmiles, E.M., Ur, B., Wei, M.: Exploring user mental models of end-to-end encrypted communication tools. In: 8th USENIX Workshop on Free and Open Communications on the Internet (FOCI 18) (2018)
Abu-Salma, R., Sasse, M.A., Bonneau, J., Danilova, A., Naiakshina, A., Smith, M.: Obstacles to the adoption of secure communication tools. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 137–153. IEEE (2017)
Akgul, O., Bai, W., Das, S., Mazurek, M.L.: Evaluating in-workflow messages for improving mental models of end-to-end encryption. In: 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, August 2021
Anderson, M., Jiang, J.: Teens, social media and technology 2018. Pew Research Center 31, 2018 (2018)
Bai, W., Pearson, M., Kelley, P.G., Mazurek, M.L.: Improving non-experts’ understanding of end-to-end encryption: an exploratory study. In: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS &P), pp. 210–219 (2020). https://doi.org/10.1109/EuroSPW51379.2020.00036
Bandura, A.: Self-efficacy: toward a unifying theory of behavioral change. Psychol. Rev. 84, 191–215 (1977). https://doi.org/10.1037//0033-295x.84.2.191
Dechand, S., Naiakshina, A., Danilova, A., Smith, M.: In encryption we don’t trust: the effect of end-to-end encryption to the masses on user perception. In: 2019 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 401–415. IEEE (2019)
Demjaha, A., Spring, J.M., Becker, I., Parkin, S., Sasse, M.A.: Metaphors considered harmful? An exploratory study of the effectiveness of functional metaphors for end-to-end encryption. In: Proceedings 2018 Workshop on Usable Security, vol. 2018. Internet Society (2018)
Dengel, A.: Public-private-key encryption in virtual reality: predictors of students’ learning outcomes for teaching the idea of asymmetric encryption. CoolThink@ JC, p. 41 (2020)
diSessa, A.: Models of computation. In: Norman, D.A., Draper, S.W. (eds.) User Centered System Design: New Perspectives on Human-Computer Interaction, pp. 201–218. Lawrence Erlbaum Associates, Hillsdale (1986)
Electronic Frontier Foundation: Surveillance self-defense: tips, tools and how-tos for safer online communications. https://ssd.eff.org/en
Field, A.: Discovering Statistics Using IBM SPSS Statistics, 4th edn. Sage, London (2013)
Freelon, D.G.: ReCal: intercoder reliability calculation as a web service. Int. J. Internet Sci. 5(1), 20–33 (2010)
Gerber, N., Zimmermann, V., Henhapl, B., Emeröz, S., Volkamer, M.: Finally Johnny can encrypt: but does this make him feel more secure? In: Proceedings of the 13th International Conference on Availability, Reliability and Security, pp. 1–10 (2018)
Herzberg, A., Leibowitz, H.: Can Johnny finally encrypt? Evaluating E2E-encryption in popular IM applications. In: Proceedings of the 6th Workshop on Socio-Technical Aspects in Security and Trust, pp. 17–28 (2016)
Johnson-Laird, P.N.: Mental Models: Towards a Cognitive Science of Language, Inference, and Consciousness. Harvard University Press (1983)
Krombholz, K., Busse, K., Pfeffer, K., Smith, M., von Zezschwitz, E.: “If HTTPS were secure, I wouldn’t need 2FA”- End user and administrator mental models of HTTPS. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 246–263. IEEE (2019)
Lindmeier, A., Mühling, A.: Keeping secrets: K-12 students’ understanding of cryptography. In: Proceedings of the 15th Workshop on Primary and Secondary Computing Education. WiPSCE 2020. Association for Computing Machinery, New York (2020). https://doi.org/10.1145/3421590.3421630
O’Connor, C., Joffe, H.: Intercoder reliability in qualitative research: debates and practical guidelines. Int. J. Qual. Methods 19, 1–13 (2020). https://doi.org/10.1177/1609406919899220
Paverd, A., Martin, A., Brown, I.: Modelling and automatically analysing privacy properties for honest-but-curious adversaries. Technical report (2014)
Schröder, S., Huber, M., Wind, D., Rottermanner, C.: When signal hits the fan: on the usability and security of state-of-the-art secure mobile messaging. In: European Workshop on Usable Security, pp. 1–7. IEEE (2016)
Team Guild: A timeline of trouble: Facebook’s privacy record, August 2021. https://guild.co/blog/complete-list-timeline-of-facebook-scandals/. Posted 04 Aug 2012
Vaziripour, E., et al.: Is that you, Alice? A usability study of the authentication ceremony of secure messaging applications. In: Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pp. 29–47 (2017)
Weirich, D., Sasse, M.A.: Pretty good persuasion: a first step towards effective password security in the real world. In: Proceedings of the 2001 Workshop on New Security Paradigms, pp. 137–143 (2001)
Wenger, E.: Communities of practice and social learning systems: the career of a concept. In: Blackmore, C. (ed.) Social Learning Systems and Communities of Practice, pp. 179–198. Springer, London (2010). https://doi.org/10.1007/978-1-84996-133-2_11
Wu, J., Zappala, D.: When is a tree really a truck? Exploring mental models of encryption. In: Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018), pp. 395–409. USENIX Association, Baltimore (2018)
Acknowledgment
Funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy - EXC 2092 CASA - 390781972.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
1.1 Code Frequencies for Free-Text Answers Before (t1) and After (t2) the Instruction Video
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Schaewitz, L., Lohmann, C.A., Fischer, K., Sasse, M.A. (2022). Bringing Crypto Knowledge to School: Examining and Improving Junior High School Students’ Security Assumptions About Encrypted Chat Apps. In: Parkin, S., Viganò, L. (eds) Socio-Technical Aspects in Security. STAST 2021. Lecture Notes in Computer Science, vol 13176. Springer, Cham. https://doi.org/10.1007/978-3-031-10183-0_3
Download citation
DOI: https://doi.org/10.1007/978-3-031-10183-0_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-10182-3
Online ISBN: 978-3-031-10183-0
eBook Packages: Computer ScienceComputer Science (R0)