TeamUSEC
Projects
Publications
Classes
Theses
Team
Code of Conduct
Projects
Publications
Classes
Theses
Team
Code of Conduct

On The Challenges of Bringing Cryptography from Papers to Products: Results from an Interview Study with Experts

Konstantin Fischer, Ivana Trummová, Phillip Gajland, Yasemin Acar, Sascha Fahl and Angela Sasse.
In 33rd USENIX Security Symposium, USENIX Security '24, August 14-16, 2024
Website PDF Abstract Cite URL

Please note that this is the extended version of the paper.

Abstract

Cryptography serves as the cornerstone of information security and privacy in modern society. While notable progress has been made in the implementation of cryptographic techniques, a substantial portion of research outputs in cryptography, which strive to offer robust security solutions, are either implemented inadequately or not at all. Our study aims to investigate the challenges involved in bringing cryptography innovations from papers to products.

To address this open question, we conducted 21 semistructured interviews with cryptography experts who possess extensive experience (10+ years) in academia, industry, and nonprofit and governmental organizations. We aimed to gain insights into their experiences with deploying cryptographic research outputs, their perspectives on the process of bringing cryptography to products, and the necessary changes within the cryptography ecosystem to facilitate faster, wider, and more secure adoption.

We identified several challenges including misunderstandings and miscommunication among stakeholders, unclear delineation of responsibilities, misaligned or conflicting incentives, and usability challenges when bringing cryptography from theoretical papers to end user products. Drawing upon our findings, we provide a set of recommendations for cryptography researchers and practitioners. We encourage better supporting cross-disciplinary engagement between cryptographers, standardization organizations, and software developers for increased cryptography adoption.

Reference

@inproceedings{conf/usenix/fischer24,
	title	  = {On The Challenges of Bringing Cryptography from Papers to Products: Results from an Interview Study with Experts},
	author    =	{Konstantin Fischer and
			  Ivana Trummová and
			  Phillip Gajland and
			  Yasemin Acar and
			  Sascha Fahl and
			  Angela Sasse},
	booktitle = {In 33rd {USENIX} Security Symposium, {USENIX} Security '24, Philadelphia, PA, USA, August 14-16, 2024},
	month     = {Aug},
	year      = {2024},
	publisher = {USENIX Association},
	url		  = {https://www.usenix.org/conference/usenixsecurity24/presentation/fischer},
}