CAREER: Identifying, quantifying, and explaining design principles and user practices that enable effective long-term key management
University of Tennessee Knoxville, Knoxville TN
Abstract
Many new security-related technologies, such as cryptocurrencies, have the potential to revolutionize individuals’ lives. However, the adoption of these technologies is stymied by their reliance on users to manage cryptographic keys (long strings of random characters). Prior research has shown that users struggle to manage cryptographic keys, with existing key management systems often causing more problems than they solve. To improve the design of key management, this project investigates how key management is used in the real world. Data from these studies help identify which designs best promote utility, usability, and security, which designs fail to do so, and what new designs are needed. This project can improve our understanding of how to design key management systems that can be integrated with security-related technologies to increase their chance of being adopted. Results are being used to update and generate new curricula for university and K–12 students, helping educate and prepare the next generation of cybersecurity experts. The project will positively impact societal welfare and national defense.

This project includes collecting quantitative and qualitative data about the utility, usability, and security of existing systems that rely on key management. Data are gathered from users who have successfully adopted key management systems, such as developers using end-to-end email encryption and novice users adopting a key management system for the first time. The studies examine general usage, how usage changes over time, how users manage multiple cryptographic keys, how they synchronize keys between devices, and how they recover access to lost keys. Methods include interviews, surveys, observational studies, and usability studies. Design principles identified throughout this research will be presented on a public-facing website that synthesizes this project’s results in a manner easily digested by cryptographic system vendors and other researchers.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.