introduction to usable securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... ·...
TRANSCRIPT
![Page 1: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/1.jpg)
1
Introduction to Usable Security
Content from: - Teaching Usable Privacy and Security: A guide for instructors (http://cups.cs.cmu.edu/course-guide/) - some slides/content from Dr. Lorrie Cranor, CMU - some slides/content from Dr. Kasia Muldner, ASU - some slides/content from Dr. Kirstie Hawkey, UBC - some slides/content from SOUPS 2009 tutorial on Designing and Evaluating Usable Security and Privacy Technology - some slides from presentations of LERSSE (lersse.ece.ubc.ca) members
![Page 2: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/2.jpg)
THE TEASER
2
![Page 3: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/3.jpg)
Users are the weakest link (?)…
3
![Page 4: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/4.jpg)
Sometimes…
4
![Page 5: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/5.jpg)
5
![Page 6: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/6.jpg)
But are we asking too much?
6
![Page 7: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/7.jpg)
Even biometrics can be painful…
7
![Page 8: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/8.jpg)
Security as a barrier…
8
![Page 9: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/9.jpg)
Humans like to get past barriers..
9
![Page 10: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/10.jpg)
Learning Objectives
n Develop awareness of usable security n Understand the challenges of designing
for security AND usability n Obtain a little practical experience of
looking at systems from a usability perspective
10
![Page 11: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/11.jpg)
WHAT’S USABLE SECURITY?
11
![Page 12: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/12.jpg)
12
Humans “Humans are incapable of securely storing high-
quality cryptographic keys, and they have unacceptable speed and accuracy when performing cryptographic operations. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.)”
-- C. Kaufman, R. Perlman, and M. Speciner. Network Security: PRIVATE Communication in a PUBLIC World.
2nd edition. Prentice Hall, page 237, 2002.
![Page 13: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/13.jpg)
Can we make systems secure AND usable?
usability
security
![Page 14: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/14.jpg)
usable security is about making systems secure and usable
usable security
Security
HCI
![Page 15: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/15.jpg)
example: access control in Windows
15 source: http://www.robreeder.com/projects/xgrids.html
![Page 16: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/16.jpg)
Designing and Developing Usable and Secure Systems
User-centred iterative approach n Requirements gathering n Iterative design and development process n Prototype evaluation n Design walkthroughs n Heuristic evaluation n Usability tests
■ Lab or field studies
![Page 17: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/17.jpg)
Defining usability
Usability of fruit
17
![Page 18: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/18.jpg)
Understand the user
18 $20,000 http://www.mobilewhack.com
![Page 19: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/19.jpg)
Understand the usage context
19 Neale, Carroll,, Rosson. Evaluating computer-supported cooperative work: models and frameworks. In CSCW '04.
![Page 20: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/20.jpg)
20
![Page 21: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/21.jpg)
Understand their expectations n Society's
expectations are reset every time a radically new technology is introduced.
n Expectations then move up the pyramid as that technology matures
21
Degree of abundance
![Page 22: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/22.jpg)
22
![Page 23: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/23.jpg)
Can you accelerate the process?
n Ground your design in theory/related work n Perform heuristic evaluation before
involving users ■ Pros:
n Quick & Dirty (do not need to design experiment, get users, etc)
n Good for finding obvious usability flaws ■ Cons:
n Experts are not the “typical” user!
23
![Page 24: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/24.jpg)
General Usability Heuristics n Heuristics as guidelines
■ Simple and natural dialogue ■ Speak the users' language ■ Minimize user memory load ■ Be consistent ■ Provide feedback ■ Provide clearly marked exits ■ Provide shortcuts ■ Deal with errors in positive and helpful manner ■ Provide help and documentation
![Page 25: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/25.jpg)
Principles for Secure Systems (Yee 2002) n Path of Least Resistance
■ Match the most comfortable way to do tasks with the least granting of authority.
n Active Authorization ■ Grant authority to others in accordance with user actions indicating
consent.
n Revocability ■ Offer the user ways to reduce others' authority to access the user's
resources.
n Visibility ■ Maintain accurate awareness of others' authority as relevant to user
decisions.
n Self-Awareness ■ Maintain accurate awareness of the user's own authority to access
resources.
![Page 26: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/26.jpg)
Principles for Secure Systems (Yee 2002) n Trusted Path
■ Protect the user's channels to agents that manipulate authority on the user's behalf.
n Expressiveness ■ Enable the user to express safe security policies in terms that fit the
user's task.
n Relevant Boundaries ■ Draw distinctions among objects and actions along boundaries relevant
to the task.
n Identifiability ■ Present objects and actions using distinguishable, truthful appearances.
n Foresight ■ Indicate clearly the consequences of decisions that the user is expected
to make.
![Page 27: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/27.jpg)
Guidelines for Security Interfaces (2007)
n Users should: ■ Be reliably made aware of the security tasks they
must perform ■ Be able to figure out how to successfully perform
those tasks ■ Not make dangerous errors ■ Be sufficiently comfortable with the interface to
continue using it ■ Be able to tell when their task has been completed ■ Have sufficient feedback to accurately determine the
current state of the system
First 4 from Why Johnny Can’t Encrypt – Extended (2007) by Chiasson, Biddle, & Somayaji
![Page 28: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/28.jpg)
WHY IS USABILITY SO IMPORTANT TO CONSIDER?
28
![Page 29: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/29.jpg)
29
Humans are weakest link n Most security breaches attributed to
“human error” n Social engineering attacks proliferate n Frequent security policy compliance
failures n Automated systems are generally more
predictable and accurate than humans
![Page 30: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/30.jpg)
PRINCIPLE OF LEAST PRIVILEGE IN WINDOWS
Example
30
![Page 31: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/31.jpg)
User Account Usage
All 45 participants used Administrator user account on their laptops.
31
![Page 32: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/32.jpg)
User Account Control (UAC)
n Implemented in Windows Vista & 7 n UAC intended to make the use of low privilege accounts (LUAs)
more convenient
n Two user account types ■ Run with standard privileges ■ Elevate privilege by UAC prompt
32
![Page 33: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/33.jpg)
33
Windows administrative application
Signed application Unsigned application
![Page 34: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/34.jpg)
34
UAC prompt for admin account UAC prompt for non-admin
account
![Page 35: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/35.jpg)
When participants were downloading, installing and running an application, 49%
did not respond to UAC prompts correctly.
Because
They incorrectly thought the fake prompt was related to their current task.
35
![Page 36: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/36.jpg)
When participants initiated an action that
raised UAC prompts, most (95%) consented to these prompts.
36
![Page 37: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/37.jpg)
Conclusions n The User Account Control (UAC) was not
applied by at least 69% of participants correctly ■ Those who understood UAC approach could use it correctly
n Low Privilege Accounts (LUA) were not used by any participants on their laptops ■ Lack of awareness about the benefit of LUAs and high risks of
administrator accounts ■ Unsuccessful experience with LUAs ■ Relying on expertise and security software for keeping the
system secure
37
![Page 38: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/38.jpg)
38
The human threat n Malicious humans who will attack system n Humans who don’t know when or how to
perform security-critical tasks n Humans who are unmotivated to perform
security-critical tasks properly or comply with policies
n Humans who are incapable of making sound security decisions
![Page 39: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/39.jpg)
POP!
![Page 40: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/40.jpg)
Key Usable Security Problem
n Security is a secondary task ■ Nobody buys a computer so they can spend
time securing it. ■ Time we spend configuring security and
privacy tools is time we are not spending doing what we really want to be doing with our computers
![Page 41: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/41.jpg)
Other Key Usability Problems
n Security systems and solutions are often complex ■ If the user cannot understand it, costly errors
will occur n Diverse users with diverse skills and
diverse knowledge need to incorporate security in their daily lives
![Page 42: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/42.jpg)
Grand Challenge
“Give end-users security controls they can understand
and privacy they can control for the dynamic, pervasive computing
environments of the future.” - Computing Research Association 2003
![Page 43: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/43.jpg)
Approaches to usable security n Make it “just work”
■ Invisible security n Make security/privacy understandable
■ Make it visible ■ Make it intuitive ■ Use metaphors that users can relate to ■ Help users make decisions
n Persuade the user to adopt security n Train the user
![Page 44: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/44.jpg)
Invisible Security
n When might this approach work?
44
![Page 45: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/45.jpg)
Windows Vista Firewall
example
45
![Page 46: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/46.jpg)
46
![Page 47: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/47.jpg)
Personal Firewall
in Windows Vista
47
![Page 48: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/48.jpg)
Context Dependent Functionality
48
Public (public networks)
Private (home / work networks)
Domain (controlled by Windows domain admin)
Settings automatically applied depending on network context detected
![Page 49: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/49.jpg)
Network Context in Vista Firewall
49
Public Network Location
Private Network Location
Domain Network Location
Wireless Network Connection On Off On
Local Area Connection On Off On
Bluetooth Network Connection Off Off Off
![Page 50: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/50.jpg)
2 User Interfaces:
Basic and Advanced
50
![Page 51: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/51.jpg)
51
• not intended for average users • complex
![Page 52: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/52.jpg)
52
Limited functionality and simplified interface to hide complexity from user
Does not provide necessary contextual information for the functionality it does support
![Page 53: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/53.jpg)
53
Changes applied only to profile associated with current network location and that is not obvious
![Page 54: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/54.jpg)
54
Simplified interface: • Hidden network context • Automatic switching of firewall profiles
![Page 55: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/55.jpg)
What is the Cost? • Users can be left in a dangerous situation
• Only protected in the current network context • But, believing to be protected for future network
contexts
n Must remember to replicate the change, if a similar change is wanted for future networks
55
![Page 56: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/56.jpg)
Proposed Alternative Interface:
Reveals the Hidden Context
56
![Page 57: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/57.jpg)
57
![Page 58: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/58.jpg)
User Study
58
![Page 59: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/59.jpg)
Goal
To investigate the impact of addition of contextual information to Vista Firewall basic interface on:
■ Users’ mental model of Vista Firewall functionality ■ Users’ understanding of Vista Firewall configuration
59
![Page 60: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/60.jpg)
Study Design
n Within-subjects lab study
n Screen and voice recorded
n Recruitment: ■ Online classifieds: Craigslist, Kijiji ■ University email lists ■ Flyers: posted and handed out
n University n Vancouver public places
n Participants: ■ 13 pilot testers ü 60 actual study
ü 30 first Vista firewall basic interface, then our interface ü 30 first our interface, then Vista firewall basic interface
■ 10 training at the beginning
60
![Page 61: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/61.jpg)
Gender Balance
61
30 30
![Page 62: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/62.jpg)
62
19-24
25-29
30-39
40-49
50-59
Age
High School
Bachelor
Master
Doctoral
Completed Education
![Page 63: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/63.jpg)
Occupation
63
Student
Academia Art Business
Health care
Service
Professionals
Clerical Military
Business
Arts
Nutrition Sc.
Computer Sc.
Electrical Eng.
Biology
Psychology Mining Eng. Physics
Forestry Industrial Eng.
Literature
Environmental Sc.
Chemistry
Architecture
Law
Civil Eng. Mechanical Eng.
Program
![Page 64: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/64.jpg)
64
All Daily Computer Users
Vista
Windows XP
Mac OS Linux
Windows 2000
![Page 65: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/65.jpg)
65
Context of Use
Laptop and
Desktop users
Desktop users
Laptop users
One
network
context
Variable
network
context
![Page 66: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/66.jpg)
Study Protocol
66
Introduction to the Context
Mental Model
Tasks on the 1st Interface
Tasks on the 2nd Interface
Mental Model and Understanding of Configuration
Mental Model and Understanding of Configuration
As you know we can use different network connections to connect to the Internet, like wireless or a cable. For this experiment, I set the laptop to use a wireless connection. I also can set my network for different network locations, for example public network like a coffee shop, or private network like at home. First, let’s set the location to public. Could you do that?
![Page 67: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/67.jpg)
Results
67
![Page 68: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/68.jpg)
Mental Models
n Incorrect n Incomplete n Partially complete n Complete
68
![Page 69: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/69.jpg)
Mental Models
Ø Incorrect: incorrect basic understanding of firewall operation
69
![Page 70: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/70.jpg)
Mental Models
n Incorrect
Ø Incomplete: correct basic understanding of firewall operation, without context of network location and connection
70
![Page 71: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/71.jpg)
Mental Models
n Incorrect
• Incomplete
Ø Partially complete: correct basic understanding of firewall operation, with either context of network location or connection
71
![Page 72: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/72.jpg)
Mental Models
n Incorrect
• Incomplete
• Partially complete
Ø Complete: correct basic understanding of firewall operation, with both context of network location and
connection
72
![Page 73: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/73.jpg)
73
Complete Partially complete
Incomplete
Incorrect
5 2
25 28 11
3
16
25
3
2 2
16
11
1
Initial After Alt After VF
First Vista Firewall Basic, then Alternative
![Page 74: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/74.jpg)
74
Complete Partially complete
Incomplete
Incorrect
2
28 7 20
4
6
6
1
1
13
6
7
4
Initial After VF After Alt
23
22
First Alternative, then Vista Firewall Basic
![Page 75: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/75.jpg)
Understanding Firewall
Configuration
75
Public Network Loca1on Private Network Loca1on Domain Network Loca1on Wireless Network Connec1on On û On û Unsure Local Area Connec1on On û Off û Unsure Bluetooth Network Connec1on On ü Unsure Unsure
![Page 76: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/76.jpg)
Understanding Firewall Configuration Public Network
76
Vista-‐basic: large % of incorrect Alternative interface: Understood config.
22%
100% 97%
39% 18%
100% 100%
38% 10%
3%
13%
18%
25%
68% 48%
64% 37%
0%
20%
40%
60%
80%
100%
VF Alt Alt VF VF Alt Alt VF
Before Checking Interface After Checking Interface
Incorrect Unsure Correct
![Page 77: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/77.jpg)
42.2%
26.7%
4.4%
11.1%
0%
10%
20%
30%
40%
50%
Incorrect On Incorrect Off
Incorrect Understanding of Vista Firewall Configuration
77
Public Private
Incorrect off: Incorrectly believe that firewall is off, when it is on Incorrect on: Incorrectly believe that firewall is on, when it is off
![Page 78: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/78.jpg)
Feedback on Vista Firewall Basic Interface
n Recommended Settings unclear ■ All confused why not using recommended
settings
78
“For some reason it is not on, the first thing that I am looking at is this red. This states to me is not right. It
says it is on. If it is on, this should not be highlighted in red. This should be highlighted in green saying that it is
on.” Personal trainer-Laptop user with medium level of security
experience
![Page 79: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/79.jpg)
Feedback on Alternative Interface • 56 (93%) participants liked images, fine-grained control “The second interface is much better. The pictures are very instructive.
I have more control on it and that is nice. Librarian-Both laptop and desktop user
• Some confusion about firewall state diagram
“The arrow rebounding off the firewall should only be portrayed as such if all the incoming connections are blocked. Otherwise, the arrow should be shown going through the firewall, but narrower on the
other side to represent the exceptions.” Grad Student in Electrical Eng.-Both laptop and desktop user
79
![Page 80: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/80.jpg)
Multiple Firewall Profiles
n 39 (65%) participants preferred to have only one profile
■ Easier to use as they would not have to worry about context ■ Would avoid confusion ■ The multiple firewall profiles adds overhead without a perceived benefit
80
“I would like the computer to be protected in any possible type of connection, regardless of where it is or
how it is connected to the Internet.” Undergrad Student in Biology-Laptop user
![Page 81: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/81.jpg)
Conclusions n Design of Vista Firewall basic interface does not
provide enough context for mobile users ■ If unaware that configuration changes only applied to
current network location, may be left with dangerous misconceptions
n The users’ mental models can be supported by revealing the hidden context ■ Possible to balance complexity with security
81
![Page 82: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/82.jpg)
Making security and privacy visible
n Users could better manage online privacy
and security if cues were more visible n Cues must be understandable
![Page 83: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/83.jpg)
How do we know if a security or privacy cue is usable?
n Evaluate it ■ Why is it there? ■ Do users notice it? ■ Do they know what it means? ■ Do they know what they are supposed to do
when they see it? ■ Will they actually do it? ■ Will they keep doing it?
![Page 84: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/84.jpg)
Example: Privacy Bird
n Problem: Web site privacy policies – many are posted, few are read
n Approach: ■ Determine whether the policy matches the
user’s privacy preferences ■ Notify the user
84
![Page 85: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/85.jpg)
Privacy policy�matches user’s �
privacy preferences �
Privacy policy�does not match user’s privacy
preferences�
Privacy Bird Icons
![Page 86: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/86.jpg)
Help Users Make Decisions
n Developers should not expect users to make decisions they themselves can’t make
n Present choices, not dilemmas
![Page 87: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/87.jpg)
Example: Certificate warnings
87
![Page 88: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/88.jpg)
![Page 89: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/89.jpg)
Users Don’t Check Certificates
![Page 90: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/90.jpg)
90
![Page 91: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/91.jpg)
91
![Page 92: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/92.jpg)
92
Reminder: • Why is it there? • Do users notice it? • Do they know what it means? • Do they know what they are supposed to do when they see it? • Will they actually do it? • Will they keep doing it?
Evaluate the usability of the warning and security cues.
![Page 93: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/93.jpg)
Making concepts understandable
…
![Page 94: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/94.jpg)
Making concepts understandable
• Internet Explorer 6.0 prompts the user to accept a cookie. • This prompt doesn’t tell users much about what a cookie is or how it is relevant to them. • It focuses on the act of setting a cookie, not on the replay, which is much more critical.
![Page 95: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/95.jpg)
95
Cranor’s Human in the Loop Security Framework
Human Receiver
Com
mun
icat
ion
Proc
essi
ng
App
licat
ion
Com
mun
icat
ion
Del
iver
y
Intentions
Attention Switch
Attention Maintenance
Comprehension
Knowledge Retention
Knowledge Transfer
Motivation
Attitudes and Beliefs
Knowledge Acquisition
Communication Behavior
Personal Variables
Knowledge and
Experience
Demographics and Personal
Characteristics Communication
Impediments
Interference
Environmental Stimuli
Capabilities
![Page 96: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/96.jpg)
Phishing
96
![Page 97: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/97.jpg)
97
What is phishing?
Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials
(http://www.antiphishing.org) Phishing targets the end user
![Page 98: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/98.jpg)
98
![Page 99: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/99.jpg)
99
A Recent Email…
Images from Anti-Phishing Working Group’s Phishing Archive; Slide from “Pholproff Phishing Prevention” by B. Parno, C. Kuo, A Perrig
![Page 100: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/100.jpg)
100 Images from Anti-Phishing Working Group’s Phishing Archive; Slide from “Pholproff Phishing Prevention” by B. Parno, C. Kuo, A Perrig
![Page 101: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/101.jpg)
101
The next page requests: n Name n Address n Telephone n Credit Card Number, Expiration Date,
Security Code n PIN n Account Number n Personal ID n Password
Slide from “Pholproff Phishing Prevention” by B. Parno, C. Kuo, A Perrig
![Page 102: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/102.jpg)
102 Images from Anti-Phishing Working Group’s Phishing Archive
![Page 103: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/103.jpg)
103
But wait…
WHOIS 210.104.211.21: Location: Korea, Republic Of
Even bigger problem:
I don’t have an account with US Bank! Images from Anti-Phishing Working Group’s Phishing Archive; Slide from “Pholproff Phishing Prevention” by B. Parno, C. Kuo, A Perrig
![Page 104: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/104.jpg)
104
Phishing Techniques
n The cuckoo's egg: mimic a known institution (relies on graphical similarity)
n Or narrow your focus: ■ Socially-aware mining:
n E-mail is from a “known” individual
■ Context-aware attacks n Your bid on e-bay has won…
![Page 105: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/105.jpg)
105
Why is Phishing Successful? n Some users trust too readily
n Users cannot parse URLs, domain names or PKI certificates
n Users are inundated with requests, warnings and pop-ups
Slide based on one in “Pholproff Phishing Prevention” by B. Parno, C. Kuo, A Perrig
![Page 106: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/106.jpg)
106
Usable security approaches
n Educate Users
n Good user interface design (usability guidelines)
n Help users make good decisions rather than presenting dilemmas
Slide based on one in “iTrustPage: Pretty Good Phishing Protection” S. Saroiu, T. Ronda, and A. Wolman
![Page 107: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/107.jpg)
Phishing Education
n Anti-Fishing Phil n http://cups.cs.cmu.edu/antiphishing_phil/
107
![Page 108: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/108.jpg)
108
Other Solutions: Toolbars
Accountguard
spoofguard
Trustbar
![Page 109: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/109.jpg)
109
1) If you are on a verified eBay or PayPal web site.
2 ) If you are on a non eBay or PayPal web site.
![Page 110: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/110.jpg)
110
3) If you are on a potential spoof site, the icon turns red.
Will warn you when you are about to enter your eBay password into a non-eBay site .
![Page 111: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/111.jpg)
111
Account Guard Usability n Will users:
■ Be reliably made aware of the security tasks they must perform?
■ Be able to figure out how to successfully perform those tasks?
■ Not make dangerous errors? ■ Be sufficiently comfortable with the interface to continue
using it? ■ Be able to tell when their task has been completed? ■ Have sufficient feedback to accurately determine the
current state of the system?
![Page 112: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/112.jpg)
112
Cranor’s Human in the Loop Security Framework
Human Receiver
Com
mun
icat
ion
Proc
essi
ng
App
licat
ion
Com
mun
icat
ion
Del
iver
y
Intentions
Attention Switch
Attention Maintenance
Comprehension
Knowledge Retention
Knowledge Transfer
Motivation
Attitudes and Beliefs
Knowledge Acquisition
Communication Behavior
Personal Variables
Knowledge and
Experience
Demographics and Personal
Characteristics Communication
Impediments
Interference
Environmental Stimuli
Capabilities
![Page 113: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/113.jpg)
113
• Participants purchased items from 2 web stores with their own credit cards • Phishing emails asking them to log in to confirm their purchase were sent • Participants “returned” to the site • Control group + 3 phishing warning techniques
![Page 114: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/114.jpg)
Passive IE Phishing Warning
114
![Page 115: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/115.jpg)
Active IE Phishing Warning
115
![Page 116: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/116.jpg)
Active Firefox Phishing Warning
116
![Page 117: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/117.jpg)
How well do you think the phishing warnings work?
117
![Page 118: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/118.jpg)
How well do the techniques work?
118
![Page 119: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/119.jpg)
119
Cranor’s Human in the Loop Security Framework
Human Receiver
Com
mun
icat
ion
Proc
essi
ng
App
licat
ion
Com
mun
icat
ion
Del
iver
y
Intentions
Attention Switch
Attention Maintenance
Comprehension
Knowledge Retention
Knowledge Transfer
Motivation
Attitudes and Beliefs
Knowledge Acquisition
Communication Behavior
Personal Variables
Knowledge and
Experience
Demographics and Personal
Characteristics Communication
Impediments
Interference
Environmental Stimuli
Capabilities
![Page 120: Introduction to Usable Securitycourses.ece.ubc.ca/cpen442/previous_years/2012/sessions/... · 2013-07-31 · Tasks on the 1st Interface Tasks on the 2nd Interface Mental Model and](https://reader034.vdocuments.net/reader034/viewer/2022042914/5f4f59f02afa395c63035180/html5/thumbnails/120.jpg)
This Talk’s Goals
n Provide awareness of usable security n Discuss the challenges of designing for
security AND usability n Give you a little practical experience of
looking at systems from a usability perspective
120