From usability to secure computing and back again
Files
Published version
Date
2019-08-11
DOI
Authors
Qin, Lucy
Lapets, Andrei
Jansen, Frederick
Flockhart, Peter
Albab, Kinan Dak
Globus-Harris, Ira
Roberts, Shannon
Varia, Mayank
Version
Published version
OA Version
Citation
Lucy Qin, Andrei Lapets, Frederick Jansen, Peter Flockhart, Kinan Dak Albab, Ira Globus-Harris, Shannon Roberts, Mayank Varia. 2019. "From Usability to Secure Computing and Back Again.." Symposium on Usable Privacy and Security (SOUPS), Volume 2019, pp. 734.
Abstract
Secure multi-party computation (MPC) allows multiple parties
to jointly compute the output of a function while preserving
the privacy of any individual party’s inputs to that function.
As MPC protocols transition from research prototypes to realworld
applications, the usability of MPC-enabled applications
is increasingly critical to their successful deployment and
widespread adoption. Our Web-MPC platform, designed with
a focus on usability, has been deployed for privacy-preserving
data aggregation initiatives with the City of Boston and the
Greater Boston Chamber of Commerce. After building and
deploying an initial version of the platform, we conducted a
heuristic evaluation to identify usability improvements and
implemented corresponding application enhancements. However,
it is difficult to gauge the effectiveness of these changes
within the context of real-world deployments using traditional
web analytics tools without compromising the security guarantees
of the platform. This work consists of two contributions
that address this challenge: (1) the Web-MPC platform has
been extended with the capability to collect web analytics
using existing MPC protocols, and (2) as a test of this feature
and a way to inform future work, this capability has been
leveraged to conduct a usability study comparing the two versions
ofWeb-MPC. While many efforts have focused on ways
to enhance the usability of privacy-preserving technologies,
this study serves as a model for using a privacy-preserving
data-driven approach to evaluate and enhance the usability of
privacy-preserving websites and applications deployed in realworld
scenarios. Data collected in this study yields insights
into the relationship between usability and security; these can
help inform future implementations of MPC solutions.
Description
License
Copyright is held by the author/owner. Permission to make digital or hardcopies of all or part of this work for personal or classroom use is grantedwithout fee. USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins.