HW1 | Intro to Usable Sec. and Priv. (Fall 2024)

HW 1: Usable Encryption and Secure Messages

In this homework you will perform a diary/reflection study and a basic interview study. We will use the data you collect as part of a class exercise.

You should upload two separate PDF files to Blackboard, one for each part of the assignment.

Where [LAST-NAME] is replaced with your last name (including replacing the []), [GWID] is replaced with your GWID (including replacing the []). Note that your GWID should include the G portion (as a capital letter).

For Part 1, your PDF should contain the following, well labeled items

For Part 2, your PDF should contain the following, well labeled items

Part 1: Sending an Encrypted Message (40 points)

Step 0: prepare

This is a journaling/diary study exercise, so you should prepare for that first. You should record the following information as part of your quest to complete this problem. Your diary entry should have a section for each of the following items.

  1. Any Google/search queries you perform, with a brief description of your thought process when searching
  2. Any websites you opened: the URL with a brief explanation
  3. Any tools you installed/uninstalled and the context for selecting that tool
  4. Your exploration of using that tool: the correct and incorrect commands you tried and the context of those commands
  5. Any confusions or questions you had while using the tool
  6. The steps you took in completing the task
  7. Finally, provide 3-to-4 paragraphs (with multiple sentences per paragraph!) that form a full narrative, from start to end, of completing this task, as if you were relaying the story to someone in a documentary movie entitled “I sent an encrypted email.”

Essentially, try to record yourself as you do this and describe your entire process so that someone else can review it and understand your thought process.

Add these details as part of your diary entry.

Step 1: send

Investigate an email client that will enable you to do PGP/SMIME email. Install it and generate a PGP public/private key. I have already done this and generated my public/private key pair for PGP email. My PGP public key for this exercise is below.

Send me an encrypted message that contains the answers to the following questions:

  1. What is the name of the secure email client you used to complete this task?
  2. How many secure email clients did you try first?
  3. Was this easy or hard? Explain.

This email should be sent to aaviv@gwu.edu and it should ALSO be signed by your public key. Use the following subject line:

HW 1: Encrypted Message: [Your Name]

Where [Your Name] (including ‘[’ and ‘]’) is replaced with your first and last name.

Step 2: receive

As part of the email you send in Step 1, or as a new email, send me your public key for your GWU email address (or another email address of your choosing). I will then send you an encrypted message containing a secret message. The message should be both encrypted and signed by the public key above. Put that secret message in the “secret” portion of your submission.

Step 3: reflect

Complete your diary entry in your submission.

Part 2: Quick Interview (60 points)

Find three friends or family members and complete the following short semi-structured interview about their behaviors when sharing personal details.

For reference, a semi-structured interview is a method of interviewing whereby you have a few core questions, and then you ask follow-up, probing questions based on responses. These questions can be as simple as, “please elaborate on that some more?” Or more specific, “you said X, can you provide another example where this occurs?”

In this mini-interview, you’re going to explore what mechanisms people use to send sensitive information when requested to do so, by presenting them with the following scenario and then asking the following questions. Note that items in brackets [] are directions to you, the interviewer. Again, don’t forget to ask follow-up questions to get your participants to elaborate.

You are getting ready to prepare your taxes and have hired a Certified Public Accountant (CPA). They ask you to send them the following information.

  • A copy of your Social Security card
  • All income-related tax documents - W-2, 1099, etc.
  • All expense-related tax documents - 1098, rental expenses, etc.

  1. Even if the details are slightly different, have you ever been in a situation like this one? If so, please describe when this occurred. [If the participant hasn’t experienced this scenario, ask them to imagine that they had in answering the remaining questions]

  2. Thinking back to when you did this, how did you provide the required information?

  3. How satisfied were you with the method you used?

  4. How satisfied were you with the security and privacy of this method in protecting your personal information?

  5. If you were asked to provide the same information to someone else, say a friend or family member, would you use the same methods or something else?

Transcribe your interviews as best you can. Then, using your three interviews, perform thematic coding, where you try to identify common themes across those interviews. Using your coding, write a summary of the results (2-3 paragraphs) and include it in your submission.

Namely, you should submit the following items as part of your PDF submission. Make sure each is well labeled.

If you’re interested, this mini-study is based on work done in this paper and is included as additional reading for Meeting 1.