Last modified: 09/16/03 07:19:48 AM
"Effective PKI Requires Effective HCI"
ACM/CHI2003 Workshop on Human-Computer Interaction and Security Systems.
PKI researchers keep producing applications that use public key
cryptography to enable human users (and service
providers) to make effective trust judgments across organizational
boundaries. However, too often, when we look
closely, these judgments are unfounded; a moderately malicious
adversary can often defeat the system. This position
paper posits that this problem is endemic to current efforts
that attempt to graft PKI onto pre-existing systems, while
neglecting how humans perceive the "trusted activity" that is
occurring. Effective PKI may require a fundamental reconsideration
of these systems in terms of HCI.
"Humans in the Loop," 2003