Designing Human-centric security protocols

Designing Human-centric security protocols

연구 분야: Verification

학회: International Conference on Information Technology and Communications Security

Security protocols and mechanisms are, or at least should be, designed by technical people, ideally cryptographers. This is natural enough but it does have the consequence that the resulting protocols are suited for techie people but all too often badly suited to “real” people. The resulting mismatch of incentives and mindsets is a major source of security failures. We discuss this issue along with possible remedies, illustrating it mainly with examples from the design of secure, verifiable voting systems, where it is thrown into sharp focus. In particular, we discuss the extent to which security mechanisms can be made transparent to users while minimizing trust assumptions.