lorrie cranor - usable privacy & security


Upload: amy-lenzo

Post on 29-Jun-2015


Page 1: Lorrie Cranor - Usable Privacy & Security


Engineering & Public Policy

Usable Privacy and Security

Lorrie Faith Cranor

Page 2: Lorrie Cranor - Usable Privacy & Security


Usable privacy and security research bridges privacy/security and usability/HCI

Security/Privacy | Usability/HCI | Usable Privacy & Security

Humans are a secondary constraint to security/privacy constraints | Humans are the primary constraint, security/privacy rarely considered | Human factors and security are both primary constraints

Humans considered primarily in their role as adversaries/attackers | Concerned about human error but not human attackers | Concerned about both normal users and adversaries

Involves threat models | Involves task models, mental models, cognitive models | Involves threat models AND task models, mental models, etc.

Focus on security metrics | Focus on usability metrics | Considers usability and security metrics together

User studies rarely done | User studies common | User studies common, often involve deception + active adversary

Page 3: Lorrie Cranor - Usable Privacy & Security

User-selected graphical passwords

Security/Privacy

• What is the space of possible passwords?
• How can we make the password space larger to make the password harder to guess?
• How are the stored passwords secured?
• Can an attacker gain knowledge by observing a user entering her password?

Usability/HCI

• How difficult is it for a user to create, remember, and enter a graphical password? How long does it take?
• How hard is it for users to learn the system?
• Are users motivated to put in effort to create good passwords?
• Is the system accessible using a variety of devices, for users with disabilities?

Usable Privacy & Security

• All the security/privacy and usability/HCI questions
• How do users select graphical passwords? How can we help them choose passwords harder for attackers to predict?
• As the password space increases, what are the impacts on usability factors and predictability of human selection?
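The slide separates the size of the password space (a security question) from how predictably people choose within it (the usable-security question). The added example below, which is not part of the slides and uses a constructed sample rather than study data, makes that gap concrete: a 5x5 click grid with four clicks has 25^4 possible passwords, but if user selections cluster on a few hotspots (corners, a diagonal, a column, all hypothetical), the attacker's expected number of guesses collapses from hundreds of thousands to a handful. The functions report nominal entropy, Shannon entropy, min-entropy, guesswork against a popularity-ordered guesser, and the fraction of users covered by the top-k guesses, which are the quantities a defender would use to evaluate a scheme.

```python
# Added example (not from the slides): nominal password space of a grid-based
# graphical password versus the guessing resistance of what users actually pick.
from collections import Counter
from math import log2


def theoretical_space(cells: int, length: int) -> int:
    """Number of distinct click sequences on a grid with `cells` cells and
    `length` clicks, repeats allowed: the 'space of possible passwords'."""
    return cells ** length


def nominal_bits(cells: int, length: int) -> float:
    """Entropy in bits if every sequence were equally likely."""
    return log2(theoretical_space(cells, length))


def uniform_guesswork(space: int) -> float:
    """Expected number of guesses against a uniformly chosen password."""
    return (space + 1) / 2


def sorted_probabilities(observed: list[tuple[int, ...]]) -> list[float]:
    """Empirical probability of each observed password, most popular first."""
    counts = Counter(observed)
    total = len(observed)
    return sorted((c / total for c in counts.values()), reverse=True)


def shannon_bits(observed: list[tuple[int, ...]]) -> float:
    """Shannon entropy of the observed selection distribution."""
    return -sum(p * log2(p) for p in sorted_probabilities(observed))


def min_entropy_bits(observed: list[tuple[int, ...]]) -> float:
    """Resistance against a single best guess: -log2(p_max)."""
    return -log2(sorted_probabilities(observed)[0])


def guesswork(observed: list[tuple[int, ...]]) -> float:
    """Expected guesses for an attacker who tries passwords in order of popularity."""
    return sum((rank + 1) * p for rank, p in enumerate(sorted_probabilities(observed)))


def cracked_fraction(observed: list[tuple[int, ...]], k: int) -> float:
    """Fraction of users whose password is among the k most popular choices."""
    return sum(sorted_probabilities(observed)[:k])


# Constructed sample of 100 user selections on a 5x5 grid (cells numbered 0..24),
# four clicks each. The hotspot patterns are illustrative, not measured data.
CELLS, LENGTH = 25, 4
CORNERS = (0, 4, 20, 24)
DIAGONAL = (0, 6, 12, 18)
COLUMN = (2, 7, 12, 17)
SAMPLE = (
    [CORNERS] * 40
    + [DIAGONAL] * 20
    + [COLUMN] * 15
    # 25 distinct, unpopular choices: runs of consecutive cells
    + [tuple((i + j) % CELLS for j in range(LENGTH)) for i in range(5, 30)]
)

if __name__ == "__main__":
    space = theoretical_space(CELLS, LENGTH)
    print(f"nominal space: {space} sequences ({nominal_bits(CELLS, LENGTH):.1f} bits)")
    print(f"guesswork if choices were uniform: {uniform_guesswork(space):.0f}")
    print(f"observed Shannon entropy: {shannon_bits(SAMPLE):.2f} bits")
    print(f"observed min-entropy: {min_entropy_bits(SAMPLE):.2f} bits")
    print(f"observed guesswork: {guesswork(SAMPLE):.2f} guesses")
    print(f"users cracked by the top 3 guesses: {cracked_fraction(SAMPLE, 3):.0%}")
```

Enlarging the grid raises `nominal_bits` but leaves `min_entropy_bits` and `cracked_fraction` unchanged as long as the hotspots persist, which is why the slide asks about predictability of human selection alongside the size of the space.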

Page 4: Lorrie Cranor - Usable Privacy & Security

How can we make secure systems more usable?

• Make it “just work”
  – Invisible security
  – Automation
• Make security/privacy understandable
  – Make it visible
  – Make it intuitive
  – Use metaphors that users can relate to
  – Human-centered design
• Train the user

Page 5: Lorrie Cranor - Usable Privacy & Security

Better together

• Examining security/privacy and usability together is often critical for achieving either
• Examples
  – Passwords
    • Users cope with some measures to increase password security by behaving in predictable ways
    • Some efforts to make passwords easier also make it much easier for an attacker to guess a password
  – Access control
    • The way access control settings are visualized in a user interface and the underlying semantics of how rule conflicts are resolved both contribute to users’ ability to configure the system to accurately enforce the desired policy
  – Privacy tools
    • Users who misunderstand how to use privacy tools don’t configure them properly
    • Some simple privacy tools don’t provide much protection
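The access-control bullet says that the semantics of conflict resolution, not just the interface, decide whether a configured rule set enforces the intended policy. The added example below (not from the slides or the cited paper; the users, groups, paths and rules are all constructed) evaluates one small rule set under two common semantics, deny-overrides and most-specific-rule-wins, and reports the requests on which they disagree. An administrator who writes a broad group deny plus a narrow user allow, intending the allow to carve out an exception, gets the intended result only under the second semantics; that is exactly the mental-model mismatch the slide is pointing at.

```python
# Added example (not from the slides): the same rule set evaluated under two
# conflict-resolution semantics. Names, groups and paths are constructed.
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Sequence


class Effect(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass(frozen=True)
class Rule:
    principal: str   # a user name or a group name
    resource: str    # a path; the rule covers that path and everything below it
    effect: Effect


# Constructed directory: which groups each user belongs to (hypothetical names).
GROUPS = {"alice": {"staff"}, "bob": {"staff"}, "carol": set()}


def matches(rule: Rule, user: str, path: str) -> bool:
    """A rule applies if its principal is the user or one of the user's groups
    and its resource is the requested path or an ancestor of it."""
    applies_to_user = rule.principal == user or rule.principal in GROUPS.get(user, set())
    prefix = rule.resource.rstrip("/") + "/"
    covers_path = path == rule.resource or path.startswith(prefix)
    return applies_to_user and covers_path


def deny_overrides(applicable: Sequence[Rule]) -> bool:
    """Any matching DENY wins; otherwise any ALLOW grants; no matching rule means deny."""
    if any(r.effect is Effect.DENY for r in applicable):
        return False
    return any(r.effect is Effect.ALLOW for r in applicable)


def most_specific_wins(applicable: Sequence[Rule]) -> bool:
    """The rule on the deepest resource wins; at equal depth a rule naming the
    user beats a group rule; if the winners still conflict, deny."""
    if not applicable:
        return False

    def specificity(r: Rule) -> tuple[int, bool]:
        return (len(r.resource.rstrip("/")), r.principal in GROUPS)  # user names are GROUPS keys

    best = max(specificity(r) for r in applicable)
    winners = [r for r in applicable if specificity(r) == best]
    return all(r.effect is Effect.ALLOW for r in winners)


Semantics = Callable[[Sequence[Rule]], bool]


def evaluate(rules: Sequence[Rule], user: str, path: str, semantics: Semantics) -> bool:
    """Decide a (user, path) request under the given conflict-resolution semantics."""
    applicable = [r for r in rules if matches(r, user, path)]
    return semantics(applicable)


def disagreements(rules, requests, a: Semantics, b: Semantics) -> list[tuple[str, str]]:
    """Requests on which two semantics give different answers: the cases where a
    user holding the wrong mental model ends up with an unintended policy."""
    return [(u, p) for u, p in requests if evaluate(rules, u, p, a) != evaluate(rules, u, p, b)]


# Constructed policy. The administrator's intent: staff may not read project
# files in general, but alice may read everything under /projects/alpha.
RULES = [
    Rule("staff", "/projects", Effect.DENY),
    Rule("alice", "/projects/alpha", Effect.ALLOW),
    Rule("staff", "/public", Effect.ALLOW),
]

REQUESTS = [
    ("alice", "/projects/alpha/design.doc"),
    ("bob", "/projects/alpha/design.doc"),
    ("alice", "/public/readme.txt"),
    ("carol", "/public/readme.txt"),
]

if __name__ == "__main__":
    for user, path in REQUESTS:
        print(f"{user:6} {path:28} deny-overrides={evaluate(RULES, user, path, deny_overrides)!s:5} "
              f"most-specific={evaluate(RULES, user, path, most_specific_wins)}")
    print("disagreements:", disagreements(RULES, REQUESTS, deny_overrides, most_specific_wins))
```

A `disagreements` report of this kind is a cheap check to run whenever a policy editor lets administrators write overlapping rules: every request it lists is one where the displayed rules alone cannot tell the administrator what the system will actually do.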

Page 6: Lorrie Cranor - Usable Privacy & Security


References

• S. Komanduri, R. Shay, P.G. Kelley, M.L. Mazurek, L. Bauer, N. Christin, L.F. Cranor, and S. Egelman. Of passwords and people: Measuring the effect of password-composition policies. CHI 2011.

• R.W. Reeder, L. Bauer, L.F. Cranor, M.K. Reiter, and K. Vaniea. More than skin deep: Measuring effects of the underlying model on access-control system usability. CHI 2011.

• P.G. Leon, B. Ur, R. Balebako, L.F. Cranor, R. Shay, and Y. Wang. Why Johnny Can't Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising. CHI 2012.

See also related papers listed at http://cups.cs.cmu.edu/