Investigation of the security and usability of visual and verbal public key fingerprint verification methods

Abstract

Modern end-to-end-encrypted (E2EE) applications include an optional key fingerprint
verification which allows users to establish the authenticity of a received key, and provide
assurance that all subsequent communication is confidential. An under-explored aspect
is the impact of verification mode upon user performance and perceived usability. Key
fingerprints can be verified either visually or verbally, which present very different tasks
to the user. Modern applications tend to support verification using a verbal verification,
yet previous research has largely investigated visual verification. Users may also possess a
pre-existing preference in how they prefer to process auditory–visual information, which
may in turn affect their performance.
This thesis reports the results of a systematic investigation of the impact of verification
mode upon user performance and perceived usability, with the evidence suggesting that
visual verification is more efficient and provides increased usability. A robust usability
effect was observed, with participants found to make more non-attack errors when using
both word-based and numerical fingerprints. A surprising result was the absence of a
security effect related to effectiveness, with participants found to be proficient in identifying non-identical attack fingerprints. The impact of a participant’s auditory–visual
information processing preference was also not significant, with the impact of verification
mode instead appearing to be the dominant factor.
These results demonstrate the advantages in providing users the option to verify fingerprints visually. Visual verification appears to provide reduced ambiguity about the
correctness of a received fingerprint, and though information processing preference was
not found to be an indicator of performance, participants did report a clear preference
for use of a visual verification mode. This should motivate E2EE applications to increase
their support for utilisation of a visual verification, for those users who prefer to use it.

Metadata

Supervisors:	Shahandashti, Siamak F. and Petrie, Helen
Related URLs:	Performance and Usability of Visual and Verbal Verification of Word-based Key Fingerprints (Related publication) Performance and Usability of Visual and Verbal Verification of Word-based Key Fingerprints (Related publication)
Awarding institution:	University of York
Academic Units:	The University of York > Computer Science (York)
Depositing User:	Mr Lee William Livsey
Date Deposited:	03 Nov 2023 15:17
Last Modified:	03 May 2024 00:05
Open Archives Initiative ID (OAI ID):	oai:etheses.whiterose.ac.uk:33714

Download

Examined Thesis (PDF)

Filename: Livsey_205034270_CorrectedThesisClean.pdf

Description: Final submitted thesis

Licence:
This work is licensed under a Creative Commons Attribution NonCommercial NoDerivatives 4.0 International License

CLICK TO DOWNLOAD

You do not need to contact us to get a copy of this thesis. Please use the 'Download' link(s) above to get a copy.
You can contact us about this thesis. If you need to make a general enquiry, please see the Contact us page.

Investigation of the security and usability of visual and verbal public key fingerprint verification methods

Abstract

Metadata

Download

Examined Thesis (PDF)

Export

Statistics