CS166: USABLE SECURITY
Andrew Bragdon
Academic year: 2021

WHY CRYPTOSYSTEMS FAIL (ANDERSON, 1993)

- Traditionally, it was assumed that the biggest security threat is sophisticated cryptanalysis
  - Assumes government (e.g. NSA)-level capabilities
- In practice, however, it is not the encryption products but how they are deployed that is the problem
  - Using the wrong products
  - Poor implementation/integration
  - Sloppy operating procedures

WHY CRYPTOSYSTEMS FAIL (CONT.)

- Security groups are rarely well-integrated into corporate culture
  - High turnover rate
- Companies selling security products overestimate the level of competence of their customers
- A new threat model is needed
  - Concentrate on what is likely to happen rather than what could happen
  - Features not getting used correctly
  - Need to understand how security products are actually used

WHY JOHNNY CAN’T ENCRYPT (WHITTEN AND TYGAR, 1999)

- Given no prior training…
- Can users encrypt email messages in an

WHY JOHNNY CAN’T ENCRYPT (CONT.)

- 12 participants were recruited from a political campaign office
- Users were given Eudora and PGP and asked to send internal messages regarding the campaign, in encrypted form

WHY JOHNNY CAN’T ENCRYPT (RESULTS)

- 1 participant was unable to figure out how to encrypt at all, and 2 participants took more than 25 minutes to send the first message
- 7 participants mistakenly encrypted with their own public key rather than the recipient’s, so the recipients could not have decrypted the message
- Only 2 participants correctly encrypted a message in the 90-minute session
- Conclusion: standard user-interface design fails for security software

USABLE SECURITY

- Applying human-computer interaction (HCI) to computer security
- Understanding
  - How security systems are used in practice
  - How a better interface can improve user security
  - Better practices

PAPERS OVERVIEW

- Publication landscape
  - In contrast to other fields, the best work in CS is usually published first at conferences
  - Later collected together into journal articles

PICTURES AT THE ATM

Moncur, W. and Leplâtre, G. 2007. Pictures at the ATM: exploring the usability of multiple graphical passwords. In Proceedings of CHI '07. 887-894.

ATM SECURITY

- Token (the bank card)
- Knowledge-based password: a 4-digit PIN
- Users have approx. 5 token/PIN pairs to remember

INSECURE MEMORY STRATEGIES

- Write down PINs
- Make them all the same
- Disclose them to friends and family (some

BACKGROUND

- Picture superiority effect: people remember images better than words and other semantic or syntactic information
- Graphical password types
  - Locimetric (click salient points in an image)
  - Drawmetric (sketch a picture)

HYPOTHESES

- H1: Multiple graphical passwords are more memorable than multiple PINs
- H2: Memorability of multiple graphical passwords can be improved using a mnemonic to aid recall
- H3: Memorability of multiple graphical passwords can be improved by showing password and distracter images against a signature colored background

METHODOLOGY

- Web-based “at home” study, 172 participants
- Must remember five PIN/bank combinations
- Initial training, then three tests spaced two weeks apart
- Five groups:
  - Control 0: 4-digit numeric PIN
  - Experimental 1: Graphical passwords
  - Experimental 2: Graphical passwords with signature color background to augment memorability
  - Experimental 3: Graphical passwords with explicit mnemonic strategy
  - Experimental 4: Graphical passwords with mnemonic

DISCUSSION

- Core hypothesis (H1) confirmed
- Users benefited from the mnemonic, but did not benefit from the color background
- Users frequently recalled the right set of images but in the wrong order
- Future work
  - Larger sample size to examine large-scale patterns such as age
  - Longer periods of time
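The guess-space arithmetic behind these design choices, as an added example (not code from the paper or the lecture). It assumes a grid of 20 candidate images from which the user’s 4 password images must be picked (the slides give no such numbers) and shows what an ATM would give up if, to tolerate the “right images, wrong order” error reported above, it accepted any ordering: the space shrinks by k! = 24, while a 3-try lockout still bounds an online guesser.

```python
"""Guess-space arithmetic for 4-digit PINs versus multi-image picture passwords.

Added example; the 20-image grid and 4 chosen images are assumptions,
not figures from the study.
"""
from math import comb, perm


def pin_space(digits: int = 4) -> int:
    """Number of distinct numeric PINs of the given length (10^digits)."""
    return 10 ** digits


def graphical_space(n_images: int, k_chosen: int, ordered: bool) -> int:
    """Number of distinct picture passwords when the user picks k of n images.

    ordered=True  : the sequence matters (n P k).
    ordered=False : only the set matters (n C k), i.e. what the ATM would have
                    to accept if it tolerated the 'right images, wrong order' error.
    """
    if not 0 < k_chosen <= n_images:
        raise ValueError("k must be between 1 and n")
    return perm(n_images, k_chosen) if ordered else comb(n_images, k_chosen)


def guess_probability(space: int, attempts: int = 3) -> float:
    """Chance an attacker guesses a uniformly random password within `attempts`
    online tries (3 is the usual ATM lockout threshold)."""
    return min(attempts, space) / space


def compare(n_images: int = 20, k_chosen: int = 4) -> dict:
    """Side-by-side guess space and 3-try success odds for the three designs."""
    designs = {
        "4-digit PIN": pin_space(4),
        "ordered pictures": graphical_space(n_images, k_chosen, ordered=True),
        "unordered pictures": graphical_space(n_images, k_chosen, ordered=False),
    }
    return {name: (space, guess_probability(space)) for name, space in designs.items()}


if __name__ == "__main__":
    for name, (space, p) in compare().items():
        print(f"{name:20s} space={space:8d}  P(guess in 3 tries)={p:.2e}")
```

Ignoring order costs a factor of 24 here, yet the order-free picture password still offers almost half as many possibilities again as a 4-digit PIN; whether that is an acceptable trade for fewer false rejections is exactly the kind of question the memorability results above feed into.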

HELPING USERS UNDERSTAND SECURITY ISSUES THROUGH SYSTEM VISUALIZATION

Stoll, J., Tashman, C. S., Edwards, W., and Spafford, K. 2008. Sesame: informing user security decisions with system visualization. In Proceedings of CHI '08. 1045-1054.

SOME REAL SECURITY PROMPTS

- “AVG Update downloader is trying to access the Internet”
- “The firewall has blocked Internet access to your computer [FTP] from 192.168.0.105 [TCP Port 57796, Flags: S]”
- “[Your] AntiSpyware has detected that the Windows NetBIOS Messenger Service is currently running. (This service should not be confused with the peer-to-peer Windows Messenger service, or MSN Messenger service which are used for Internet Chat). Beginning with Windows XP Service Pack 2, the Windows NetBIOS Messenger service…

HOW DO YOU COMMUNICATE COMPLEX SECURITY CONCEPTS TO AN END USER?

- Information provided by security tools is technical and difficult to interpret
- Users are in a hurry and expect things to “just work”
- Must choose between dealing with more boxes

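One concrete way to apply the point above, as an added example that is not Sesame’s code: parse the firewall prompt quoted on the previous slide and rewrite it in terms a non-expert can act on (who the other party is, what they attempted, what the firewall already did, what the user may do). The prompt format, the second sample address and the service descriptions are constructed for the example; Sesame itself goes further and visualises the system state behind the prompt.

```python
"""Turn a raw firewall prompt into a plain-language explanation.

Added example; the prompt wording, the service descriptions and the advice
text are assumptions, not Sesame's behaviour.
"""
import ipaddress
import re

# Constructed sample prompts in the format quoted on the slide.
SAMPLE_PROMPTS = [
    "The firewall has blocked Internet access to your computer [FTP] "
    "from 192.168.0.105 [TCP Port 57796, Flags: S]",
    "The firewall has blocked Internet access to your computer [HTTP] "
    "from 203.0.113.9 [TCP Port 40112, Flags: S]",
]

PROMPT_RE = re.compile(
    r"blocked Internet access to your computer \[(?P<service>[^\]]+)\] "
    r"from (?P<src>[\d.]+) \[(?P<proto>TCP|UDP) Port (?P<port>\d+), "
    r"Flags: (?P<flags>[A-Z]*)\]"
)

# RFC 1918 ranges: "your own network" as far as a home user is concerned.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed descriptions; a real tool would take these from its service database.
SERVICE_NOTES = {
    "FTP": "the file-transfer server on this computer",
    "HTTP": "the web server on this computer",
}


def is_local(addr: str) -> bool:
    """True if the address sits in a private (RFC 1918) range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def parse_prompt(text: str) -> dict:
    """Extract service, source address, protocol, source port and TCP flags."""
    m = PROMPT_RE.search(text)
    if m is None:
        raise ValueError("unrecognised prompt format: %r" % text)
    fields = m.groupdict()
    fields["port"] = int(fields["port"])
    return fields


def explain(text: str) -> dict:
    """Rewrite the prompt: who did what, what the firewall did, what the user can do."""
    p = parse_prompt(text)
    local = is_local(p["src"])
    who = ("a device on your own network (%s)" if local
           else "a computer on the Internet (%s)") % p["src"]
    target = SERVICE_NOTES.get(
        p["service"], "the program called %s on this computer" % p["service"])
    # A bare SYN ("S") is only an attempt to open a connection; no data moved.
    action = ("tried to open a new connection to %s" if p["flags"] == "S"
              else "sent an unexpected packet to %s") % target
    summary = "%s %s. The firewall blocked it, so nothing was sent or received." % (
        who[0].upper() + who[1:], action)
    advice = ("Nothing to do unless it keeps happening; then check that device."
              if local else
              "Keep it blocked unless you deliberately run this server for the Internet.")
    return {
        "source": p["src"],
        "source_is_local": local,
        "service": p["service"],
        "summary": summary,
        "advice": advice,
        "choices": ["Keep blocking (recommended)", "Allow this once", "Always allow"],
    }


if __name__ == "__main__":
    for prompt in SAMPLE_PROMPTS:
        e = explain(prompt)
        print(e["summary"])
        print("  ->", e["advice"])
```

Note that the rewrite keeps the one fact a user can verify (the address) and drops the ones they cannot act on (source port, flag letters), while the first choice offered is the safe one; this is the same trade-off the phishing-warning design requirements later in the deck make explicit.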

METHODOLOGY

- 20 participants (9 female, 11 male)
- Undergraduates; no CS/Engineering majors
- None considered themselves to be “experts”
- 6 tasks
  - 4 allow/forbid an incoming connection
  - 2 phishing-site tasks

DISCUSSION

- Users performed better (statistically significant) with Sesame
- Post-interviews indicate that:
  - Most participants in the control group did not know how to use the information presented
  - 5 participants allowed or denied all requests
  - All participants in the experimental group used the information presented
  - All users understood foreground processes; only 2 understood background processes

AN EMPIRICAL STUDY OF PHISHING WARNINGS IN WEB BROWSERS

Egelman, S., Cranor, L. F., and Hong, J. 2008. You've been warned: an empirical study of the effectiveness of web browser phishing warnings. In Proceedings of CHI '08. 1065-1074.

STUDY METHODOLOGY

- 70 participants
- Assigned to conditions based on what browser (and version) they use:
  - Internet Explorer, active warning
  - Internet Explorer, passive warning
  - Firefox, active warning
  - Control (no warning)
- Participants were told they were in an online shopping study; used their personal information to buy two items
  - Amazon

STUDY METHODOLOGY (CONT.)

- Bought from store
- Were sent a spear-phishing message saying their purchase needed to be confirmed
- Checked email to confirm
- Clicking the link in the message produced phishing

DISCUSSION

- 50% of the IE condition recognized the warning, 20% for Firefox
- IE has a very similar warning for an expired cookie
- The IE warning may have suffered from habituation:
  - “Oh, I always ignore those”
  - “Looked like warnings I see at work which I know to ignore”
  - “I see them daily”
  - “Since it gave me the option of proceeding to the site, I figured it couldn’t be that bad.”
- Most participants did not appear to understand that email can be faked; thus they were confused as to why they got this warning message

DESIGN REQUIREMENTS

- Interrupt the primary task
- Provide clear choices
- Fail safely
- Prevent habituation
- Alter the phishing website

PERSUADING USERS TO INSTALL SECURITY UPDATES

Sankarpandian, K., Little, T., and Edwards, W. K. 2008. Talc: using desktop graffiti to fight software vulnerability. In Proceedings of CHI '08. 1055-1064.

HOW DO YOU PERSUADE A USER TO INSTALL UPDATES?

- Ambient display
  - Constant, non-intrusive reminder

THE GRAFFITI SOLUTION

- Allows users to respond at their own pace
- Size of the graffiti denotes severity
- Images chosen randomly from a pre-determined corpus
- In order to clear the graffiti off of their desktop,

METHODOLOGY

- 10 participants, recruited from outside the university context
- Used TALC at home, on their personal computers, for a week
- TALC logged usage and patch data, and

DISCUSSION

- Users appear to return to address threats later
- Users appeared to become aware of the patches they needed to install
- Is this an appropriate solution for a business context?
- Are there issues interpreting this type of
