Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Usable secure email communications: criteria and evaluation of existing approaches

Usable secure email communications: criteria and evaluation of existing approaches Purpose – Email communication has been used for many years, and has begun to replace traditional, physical correspondence more and more. Compared to a traditional postal service, email services are easier, faster, and free of charge. Standard email, however, is, from a security point of view, more comparable to post cards than letters. Some security techniques and services exist, but few people use them due to lack of awareness, low usability, and a lack of understanding of Public Key Infrastructures (PKIs). A comprehensive comparison is missing, which makes it difficult for users to decide which email service to use. The purpose of this paper is to identify evaluation criteria covering security, usability, and interoperability aspects of email, and to apply them to existing email services. Design/methodology/approach – The authors first define criteria based on literature review, threat analysis and expert consultation. These criteria are then applied, when applicable, to existing approaches including DKIM, SPF, PGP, S/MIME and Opportunistic Encryption, and to common secure email providers including Gmail, Hushmail, and De‐Mail. Findings – None of the existing analysed services meets all the derived criteria. Based on the result of the application of these criteria and the corresponding comparison, the authors propose future directions for usable secure email communication. Originality/value – The criteria proposed are original and allow an evaluation and a comparison of different email systems that not only considers security aspects, but also the relation and trade‐offs between security, usability and interoperability. Moreover, the trust assumptions involved are also considered. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Information Management & Computer Security Emerald Publishing

Usable secure email communications: criteria and evaluation of existing approaches

Loading next page...
 
/lp/emerald-publishing/usable-secure-email-communications-criteria-and-evaluation-of-existing-AYDvpYxjD9

References (24)

Publisher
Emerald Publishing
Copyright
Copyright © 2013 Emerald Group Publishing Limited. All rights reserved.
ISSN
0968-5227
DOI
10.1108/09685221311314419
Publisher site
See Article on Publisher Site

Abstract

Purpose – Email communication has been used for many years, and has begun to replace traditional, physical correspondence more and more. Compared to a traditional postal service, email services are easier, faster, and free of charge. Standard email, however, is, from a security point of view, more comparable to post cards than letters. Some security techniques and services exist, but few people use them due to lack of awareness, low usability, and a lack of understanding of Public Key Infrastructures (PKIs). A comprehensive comparison is missing, which makes it difficult for users to decide which email service to use. The purpose of this paper is to identify evaluation criteria covering security, usability, and interoperability aspects of email, and to apply them to existing email services. Design/methodology/approach – The authors first define criteria based on literature review, threat analysis and expert consultation. These criteria are then applied, when applicable, to existing approaches including DKIM, SPF, PGP, S/MIME and Opportunistic Encryption, and to common secure email providers including Gmail, Hushmail, and De‐Mail. Findings – None of the existing analysed services meets all the derived criteria. Based on the result of the application of these criteria and the corresponding comparison, the authors propose future directions for usable secure email communication. Originality/value – The criteria proposed are original and allow an evaluation and a comparison of different email systems that not only considers security aspects, but also the relation and trade‐offs between security, usability and interoperability. Moreover, the trust assumptions involved are also considered.

Journal

Information Management & Computer SecurityEmerald Publishing

Published: Mar 15, 2013

Keywords: Electronic mail; Information management; Data security; Secure email; Usable security; Criteria

There are no references for this article.