Real World Crypto 2021 - Session 5: Humans, Policy, and Crypto



Session video

Katharina Krombholz (CISPA/SBA Research Saarbruecken) / Mental Models of Cryptographic Protocols - Understanding Users to Improve Security / video slides

Two of her related recent papers:

She describes a spectrum of the humans involved in cryptosystems, from theory through to practice.

(theory) cryptographer - protocol designer - API designer - software developer - system integrator - administrator - decision maker - end-user (practice)

The talk takes a human-centric perspective on every position along this spectrum, from cryptographer through to end-user, at which humans cause problems with supposedly secure protocols. Many end-users are ‘scared of crypto’ or have ‘absolutely no idea what I’m doing (with crypto)’. Even administrators often have no idea what their crypto-related decisions end up causing.

End-users' mental models tend to be conceptual, whereas administrators' mental models are protocol-based. For cryptocurrencies, users' mental models are based on the tools they have to use.

Aside: see cryptodoneright

Sarah Scheffler (Uni Boston) / Protecting Cryptography against compelled self-incrimination / paper video

Case discussed: Robert Andrews v State of New Jersey, in which Andrews was compelled to provide the code to unlock his iPhone, but he claimed his 5th Amendment rights to refuse to do so.

• Legal implications of using cryptography - can the law compel folk to decrypt devices?
• Using cryptography to understand the law - using cryptographic simulation to understand the ‘foregone conclusion doctrine’

Testimony protected under 5th Amendment = ‘pure testimony’ + ‘implicit testimony’ - ‘foregone conclusion’