Paper 2019/734

From Usability to Secure Computing and Back Again

Lucy Qin, Andrei Lapets, Frederick Jansen, Peter Flockhart, Kinan Dak Albab, Ira Globus-Harris, Shannon Roberts, and Mayank Varia

Abstract

Secure multi-party computation (MPC) allows multiple parties to jointly compute the output of a function while preserving the privacy of any individual party's inputs to that function. As MPC protocols transition from research prototypes to real-world applications, the usability of MPC-enabled applications is increasingly critical to their successful deployment and wide adoption. Our Web-MPC platform, designed with a focus on usability, has been deployed for privacy-preserving data aggregation initiatives with the City of Boston and the Greater Boston Chamber of Commerce. After building and deploying an initial version of this platform, we conducted a heuristic evaluation to identify additional usability improvements and implemented corresponding application enhancements. However, it is difficult to gauge the effectiveness of these changes within the context of real-world deployments using traditional web analytics tools without compromising the security guarantees of the platform. This work consists of two contributions that address this challenge: (1) the Web-MPC platform has been extended with the capability to collect web analytics using existing MPC protocols, and (2) this capability has been leveraged to conduct a usability study comparing the two version of Web-MPC (before and after the heuristic evaluation and associated improvements). While many efforts have focused on ways to enhance the usability of privacy-preserving technologies, this study can serve as a model for using a privacy-preserving data-driven approach in evaluating or enhancing the usability of privacy-preserving websites and applications deployed in real-world scenarios. The data collected in this study yields insights about the interplay between usability and security that can help inform future implementations of applications that employ MPC.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. to appear in USENIX Symposium on Usable Privacy and Security (SOUPS) 2019
Keywords
secure multi-party computation (MPC)usabilityreal-world deploymentapplied cryptography
Contact author(s)
lucyq @ bu edu
lapets @ bu edu
History
2019-06-21: received
Short URL
https://ia.cr/2019/734
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/734,
      author = {Lucy Qin and Andrei Lapets and Frederick Jansen and Peter Flockhart and Kinan Dak Albab and Ira Globus-Harris and Shannon Roberts and Mayank Varia},
      title = {From Usability to Secure Computing and Back Again},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/734},
      year = {2019},
      url = {https://eprint.iacr.org/2019/734}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.