CAREER: Identifying, quantifying, and explaining design principles and user practices that enable effective long-term key management

职业：识别、量化和解释设计原则和用户实践，以实现有效的长期密钥管理

• 批准号: 2238001
• 负责人: Scott Ruoti
• 金额: $ 65.42万
• 依托单位: University of Tennessee Knoxville
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-05-01 至 2028-04-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2238001&HistoricalAwards=false
• 关键词: CAREER; Identifying; quantifying; explaining; design

Many new security-related technologies have the potential to revolutionize individuals’ lives—for example, cryptocurrencies. However, the adoption of these technologies is stymied by their reliance on needing users to manage cryptographic keys (long strings of random characters). Prior research has shown users struggle to manage cryptographic keys, with existing key management systems often causing more problems than they solve. To improve the design of key management, this project investigates how key management is used in the real world. Data from these studies help identify which designs best promote utility, usability, and security, which designs fail to do so, and what new designs are needed. This project can improve our understanding of how to design key management systems that can be integrated with security-related technologies to increase their chance of being adopted. Results are being used to update and generate new curricula for university and K–12 students, helping educate and prepare the next generation of cybersecurity experts. The project will positively impact societal welfare and national defense.This project includes collecting quantitative and qualitative data about the utility, usability, and security of existing systems that rely on key management. Data are gathered from users who have successfully adopted key management systems, such as developers using end-to-end email encryption and novice users adopting a key management system for the first time. The studies examine general usage, how usage changes over time, how users manage multiple cryptographic keys, how they synchronize keys between devices, and how they recover access to lost keys. Methods include interviews, surveys, observational studies, and usability studies. Design principles identified throughout this research will be presented on a public-facing website that synthesizes this project’s results in a manner easily digested by cryptographic system vendors and other researchers.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

许多新的安全相关技术有可能彻底改变个人的生活，例如加密货币，但是，这些技术的采用因需要用户管理加密密钥（长字符串随机字符）而受到阻碍。表明用户很难管理加密密钥，现有的密钥管理系统通常会导致比其解决的问题更多的问题，为了改进密钥管理的设计，该项目研究了如何在现实世界中使用密钥管理，这些研究中的数据有助于确定哪些设计。最好地促进效用，可用性和安全性，哪些设计未能做到这一点，以及需要哪些新设计。该项目可以提高我们对如何设计可与安全相关技术集成的密钥管理系统的理解，以增加其被采用的机会。正在用于更新和生成大学和 K-12 学生的新课程，帮助教育和培养下一代网络安全专家。该项目将对社会福利和国防产生积极影响。该项目包括收集有关公用事业的定量和定性数据。依赖密钥的现有系统的可用性和安全性数据是从已成功采用密钥管理系统的用户那里收集的，例如使用端到端电子邮件加密的开发人员和首次采用密钥管理系统的新手用户。这些研究考察了一般使用情况以及使用情况如何随时间变化。 ，用户如何管理多个加密密钥，如何在设备之间同步密钥，以及如何恢复对丢失密钥的访问。本研究确定的设计原则将在公开场合提出。面向综合该项目结果的网站以一种容易被密码系统供应商和其他研究人员消化的方式。该奖项反映了 NSF 的法定使命，并且通过使用基金会的智力优点和更广泛的影响审查标准进行评估，被认为值得支持。