A Comparative Usability Study of Key Management in Secure Email


Scott Ruoti, University of Tennessee; Jeff Andersen, Tyler Monson, Daniel Zappala, and Kent Seamons, Brigham Young University


We conducted a user study that compares three secure email tools that share a common user interface and differ only by key management scheme: passwords, public key directory (PKD), and identity-based encryption (IBE). Our work is the first comparative (i.e., A/B) usability evaluation of three different key management schemes and utilizes a standard quantitative metric for cross-system comparisons. We also share qualitative feedback from participants that provides valuable insights into user attitudes regarding each key management approach and secure email generally. The study serves as a model for future secure email research with A/B studies, standard metrics, and the two-person study methodology.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {219420,
author = {Scott Ruoti and Jeff Andersen and Tyler Monson and Daniel Zappala and Kent Seamons},
title = {A Comparative Usability Study of Key Management in Secure Email},
booktitle = {Fourteenth Symposium on Usable Privacy and Security ({SOUPS} 2018)},
year = {2018},
isbn = {978-1-931971-45-4},
address = {Baltimore, MD},
pages = {375--394},
url = {https://www.usenix.org/conference/soups2018/presentation/ruoti},
publisher = {{USENIX} Association},