Class 20
Usability
CIS 755: Advanced Computer Security
Spring 2014
Eugene Vasserman
http://www.cis.ksu.edu/~eyv/CIS755_S14/
Administrative stuff
• TEVAL offered – please fill it out :)
• No class or office hours next week
• Quiz on Thursday
• Final project due Tuesday, May 13th, by 2:00 PM (email)
• Today:
  – Survey
  – Exam II returned
Papers
• “In search of usable security”…
  – Practical, sysadmin-ish
• “Shake well before use”…
  – Research – ease of application of known primitive (key agreement)
• “Seeing-is-believing”
  – Research – ease of application of known primitive (public keys)
User is not a 4-letter word!
• Software is used by people!
  – Psychology (we all have it)
• HCI (human-computer interaction)
• Human factors
• Usability
• “Return” vs. “enter” story
I’m sure this is someone’s law…
• If a security system is too difficult to use, users will find a way to get around it
  – Corollary: Getting the job done is more important than security
    • Has more immediate potentially bad outcomes
A bit of historical background
• 1999: Why Johnny can’t encrypt
• 2003: Humans in the loop: Human-computer interaction and security
• 2006: Why Johnny still can't encrypt: Evaluating the usability of email encryption software
• 2011: Why (special agent) Johnny (still) can't encrypt: A security analysis of the APCO project 25 two-way radio system
It’s more complex than you think!
• Non-expert users
  – Novice users – never used a computer?
• Security “signals”
  – Desensitization
• Types of mistakes
Real-world examples
• … you’d be amazed!
• Enterprise PKI/SSO
• K-State system
  – Password change
    • Identity: who are you??
• Demo (I hope this works!)
  – TrueCrypt
References
• Papers in notes fields (other slides)
• Assigned papers
• Norman’s “Design of Everyday Things”
• Actually, read all of Norman’s books :)
Back to the papers
– “In search of usable security”…
– “Shake well before use”…
– “Seeing-is-believing”
Problems? Vulnerabilities? Questions?
TrueCrypt – Lessons learned
• PROBLEM: Security software usability stinks
• SOLUTION: Improve it
  – Measurably!
• CONTRIBUTION: A vastly and provably improved TrueCrypt interface
  – Functionality-preserving
Old Wizard – Step 1
Old Wizard – Step 2
Old Wizard – Step 3
Old Wizard – Step 4
Old Wizard – Step 5
Old Wizard – Step 6
Browser warnings
Questions?
Reading discussion