+ All Categories
Home > Documents > Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security...

Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security...

Date post: 05-Jun-2020
Category:
Upload: others
View: 9 times
Download: 0 times
Share this document with a friend
50
Usable Security Hyoungshick Kim Department of Software College of Software Sungkyunkwan University Sungkyunkwan University http://seclab.skku.edu/
Transcript
Page 1: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Usable Security

Hyoungshick Kim

Department of Software

College of Software

Sungkyunkwan University

Sungkyunkwan University

http://seclab.skku.edu/

Page 2: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Assistant Professor in Department of Software,

Sungkyunkwan University

• Education

✓ Ph.D. in Computer Science, University of Cambridge

• Experiences

✓ Professor, Sungkyunkwan University, Korea (2013 – present)

✓ Postdoctoral Fellow, University of British Columbia, Canada

(2012-2013)

✓ Senior Engineer, Samsung Electronics (2004-2008)

• Research interests:

✓ Security engineering

✓ Usable security

✓ Software security

• Homepage: http://seclab.skku.edu/

Hyoungshick Kim (김형식)

• Lab members:

• Academic staff: 2

• PhD students: 4

• MS students: 14

Page 3: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Why should we make secure systems more usable?

[“I Feel Like I’m Taking Selfies All Day!

Towards Understanding Biometric

Authentication on Smartphones”, CHI 2015]

Page 4: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Why did I study usable security?

Joseph Bonneau(http://jbonneau.com/ )

He is particularly interested in secure communication

tools, cryptocurrencies, password and web

authentication, and HTTPS and PKI on the web.

Page 5: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Usability and Security

• Usability and security are often seen as competing design goals

• However, security mechanisms have to be usable to be effective

– Otherwise, mechanisms that are not employed in practice or that are used incorrectly, provide little or no protection

– For example, many people don’t use AV solutions because they believe security solutions will degrade the performance of their systems

Page 6: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security
Page 7: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security
Page 8: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Our system should include …

App App

OS

Hardware

You

Without understanding human behavior correctly, we cannot build a secure system!

Page 9: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Users are the weakest link?

Page 10: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

But are we asking too much?

Help me!

Page 11: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Our brain is not a storage device

≠Pattern recognition Large memory

Page 12: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

A simple experiment

abcd1234 u$4Kv9:jabcd1234 u4$Kv9:j

Which one is easier to remember?

Page 13: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

So we chose ‘password’, ‘123456’ …

Top 10 worst passwords (2014) compiled from

millions of stolen passwords by hackers.

Page 14: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Is password policy a good solution?

Page 15: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Security nerds’ imagination

123456$

Real-world password

u4$Kv9:j

Page 16: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Top 10 symbols used

“Surpass: System-initiated User-replaceable passwords”, CCS 2015

Page 17: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Sungkyunkwan University (SKKU) Security Lab.

Most popularly used pattern locks

Page 18: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Security experts always recommend

• Pick a hard to guess password

• Don’t use it anywhere else

• Change it often

• Don’t write it down

How?

Page 19: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Security for Security

Page 20: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Most people don’t like security?

Page 21: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

So, security is often ignored

Page 22: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Why? Security is too challenging

• Security is the secondary task

– Security should be designed to fit into primary task

– Primary task should set performance requirements

– Users want to minimize their workload and complexity

Page 23: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Blame and train

• Users are wrong! Why?– To make excuse for security engineers!

• Do users have to be security experts to use systems securely?

• In general “blame and train” is not a good way to fix usability problems

How can we solve these problems?

Page 24: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Design usable security solutions

It is a lot easier to change the system than to

change people.

Page 25: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

WHAT’S USABLE SECURITY?

Page 26: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Usable security

HCI(Human

Computer

Interaction)

Security

Usable security is about making

systems secure and usable

Page 27: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Key findings about Passfaces

• Very memorable

– until you have more

than one Passfaces

password (Everitt et al.,

CHI 2009)

• Selection biases result in

low guessing difficulty (“Security and Usability: Designing

Secure Systems that People Can

Use”, 2005)

Page 28: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

How about picture gesture?

A built-in feature in “Microsoft Windows 8”

Page 29: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

“On the Security of Picture Gesture Authentication”,

Usenix Security 2013

Page 30: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Main topics

• Authentication

• Authorization

• Privacy

• Usability of security mechanisms

• Security of human tasks

• User behaviors

• Warnings and Decisions

• Education

Page 31: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Main venues

• General: IEEE S&P (Oakland), USENIX Security, ACM CCS, NDSS

• Usable Security: CHI, SOUPS, USEC

• General: IEEE S&P (Oakland), USENIX Security, ACM CCS, NDSS

• Usable Security: CHI, SOUPS, USEC

Page 32: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

MAKING SECURITY SYSTEMS MORE USABLE

Page 33: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

How can we make secure systems more usable?

1. Make it “just work”

– Invisible security

– Don’t give users too many choices

2. Make security/privacy understandable

– Make it visible

– Make it intuitive

– Use metaphors that users can relate to

Page 34: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

1. Make it “just work”

(but it’s not that easy)

This makes users very happy !

Page 35: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Minimize user decision

Reduce the mental workload to make a

security decision

Use automated analysis

to determine probability

of danger

Page 36: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

No CAPTCHA

This is not CAPTCHA, but FDS

to track suspicious users.

Page 37: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Using a natural intuitive flow

• Focus on the user’s primary task

– Remember that security is the second task

– Security is naturally incorporated into the system as an invisible component for the user’s task

– All parts of the system work in the same way

• Interfaces should be designed to minimize the effort needed to accomplish security tasks

Page 38: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Apple’s Touch ID

Page 39: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Bad question

Your web browser thinks this is a phishing web site. Do you want to go there anyway?

Go there anywayDon’t go there

I don’t know what a phishing site is.

I really want to go to this site.

Of course I will go there anyway!

Page 40: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

You are trying to go to evilsite.com. Do you really want to go there or would you rather go to yourbank.com?

Go to evilsite.com

Go to yourbank.com

Better question

Of course I want to go to yourbank.com!

Page 41: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

2. Make security understandable

Use understandable words

Page 42: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

A poor warning example

앱이 미래의 기기에서 사용할 수 있는USB 저장소의 권한을 테스트하도록허용합니다.

Page 43: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

In practice …

Only a very small number of users can

understand the risk of their security

behavior.

(e.g., about 3% of users understood

the meaning of Android permissions.)

Page 44: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Use of privacy facts

“Privacy as Part of the App Decision-Making Process”, CHI 2013

Page 45: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

However, this is also not easy

All failed …

How about new designs?

“Do Security Toolbars Actually Prevent

Phishing Attacks”, CHI 2006

Page 46: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Making it hard to do the wrong thing

• We need to make it easier for the user to do the right thing, hard to do the wrong thing, and easy to recover when the wrong thing happens anyway

• It is also very important to think what the default setting values should be

Page 47: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

SSL warning in Chrome

Chrome 36

(30.9%)

Chrome 37

(58.3%)

“Improving SSL Warnings: Comprehension and Adherence”, CHI 2015

Page 48: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Use of password strength meters

• Password strength meters help the user to strengthen her

password by giving visual indication of the strength of the

chosen password

• Meters lead to longer or stronger passwords

• Meters don’t affect memorability

• “How Does Your Password Measure Up? The Effect of Strength

Meters on Password Creation”, USENIX Security 2012

• “Does My Password Go up to Eleven? The Impact of Password Meters

on Password Selection”, CHI 2013

Page 49: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Conclusion: develop iPhone-like security solutions!

Page 50: Usable Security - SECUINSIDEsecuinside.com/archive/2017/2017-2-6.pdf · Usability and Security •Usability and security are often seen as competing design goals •However, security

Questions?


Recommended