Details
Original language | English |
---|---|
Title of host publication | Proceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 860-875 |
Number of pages | 16 |
ISBN (electronic) | 9781665413169 |
ISBN (print) | 978-1-6654-1317-6 |
Publication status | Published - 2022 |
Event | 43rd IEEE Symposium on Security and Privacy, SP 2022 - San Francisco, United States. Duration: 23 May 2022 → 26 May 2022 |
Publication series
Name | Proceedings - IEEE Symposium on Security and Privacy |
---|---|
Volume | 2022-May |
ISSN (Print) | 1081-6011 |
ISSN (electronic) | 2375-1207 |
Abstract
Email is one of the main communication tools and has seen significant adoption in the past decades. However, emails are sent in plain text by default and allow attackers easy access. Users can protect their emails by end-to-end encrypting them using tools such as S/MIME or PGP. Although PGP had already been introduced in 1991, it is a commonly held belief that email encryption is a niche tool that has not seen widespread adoption to date. Previous user studies identified ample usability issues with email encryption such as key management and user interface challenges, which likely contribute to the limited success of email encryption. However, so far ground truth based on longitudinal field data is missing in the literature. Towards filling this gap, we measure the use of email encryption based on 27 years of data for 37,089 users at a large university. While attending to ethical and data privacy concerns, we were able to analyze the use of S/MIME and PGP in 81,612,595 emails. We found that only 5.46% of all users ever used S/MIME or PGP. This led to 0.06% encrypted and 2.8% signed emails. Users were more likely to use S/MIME than PGP by a factor of six. We saw that using multiple email clients had a negative impact on signing as well as encrypting emails and that only 3.36% of all emails between S/MIME users who had previously exchanged certificates were encrypted on average. Our results imply that the adoption of email encryption is indeed very low and that key management challenges negatively impact even users who have set up S/MIME or PGP previously.
Keywords
- email, email-encryption, encryption, pgp, s/mime, smime
ASJC Scopus subject areas
- Engineering(all)
- Safety, Risk, Reliability and Quality
- Computer Science(all)
- Software
- Computer Science(all)
- Computer Networks and Communications
Cite this
Proceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022. Institute of Electrical and Electronics Engineers Inc., 2022. p. 860-875 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2022-May).
Research output: Chapter in book/report/conference proceeding › Conference contribution › Research › peer review
TY - GEN
T1 - 27 Years and 81 Million Opportunities Later
T2 - 43rd IEEE Symposium on Security and Privacy, SP 2022
AU - Stransky, Christian
AU - Wiese, Oliver
AU - Roth, Volker
AU - Acar, Yasemin
AU - Fahl, Sascha
N1 - Funding information: The authors would like to thank the staff at the Leibniz University IT Services at Leibniz University Hannover.
PY - 2022
Y1 - 2022
KW - email
KW - email-encryption
KW - encryption
KW - pgp
KW - s/mime
KW - smime
UR - http://www.scopus.com/inward/record.url?scp=85118999773&partnerID=8YFLogxK
U2 - 10.1109/SP46214.2022.9833755
DO - 10.1109/SP46214.2022.9833755
M3 - Conference contribution
AN - SCOPUS:85118999773
SN - 978-1-6654-1317-6
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 860
EP - 875
BT - Proceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 23 May 2022 through 26 May 2022
ER -