Embed Size (px)
Citation preview
Class 20Usability
CIS 755: Advanced Computer SecuritySpring 2014
Eugene Vasserman
http://www.cis.ksu.edu/~eyv/CIS755_S14/
Administrative stuff
• TEVAL offered – please fill it out :)• No class or office hours next week• Quiz on Thursday• Final project due Tuesday, May 13th, by 2:00
PM (email)• Today:– Survey– Exam II returned
Papers
• “In search of usable security”…–Practical, sysadmin-ish
• “Shake well before use”…–Research – ease of application of known
primitive (key agreement)
• “Seeing-is-believing”–Research – ease of application of known
primitive (public keys)
User is not a 4-letter word!
• Software is used by people!–Psychology (we all have it)
• HCI (human-computer interaction)• Human factors• Usability
• “Return” vs. “enter” story
I’m sure this is someone’s law…
• If a security system is too difficult to use, users will find a way to get around it
–Corollary: Getting the job done is more important than security• Has more immediate potentially bad outcomes
A bit of historical background
• 1999: Why Johnny can’t encrypt
• 2003: Humans in the loop: Human-computer interaction and security
• 2006: Why Johnny still can't encrypt: Evaluating the usability of email encryption software
• 2011: Why (special agent) Johnny (still) can't encrypt: A security analysis of the APCO project 25 two-way radio system
It’s more complex than you think!
• Non-expert users–Novice users – never used a computer?
• Security “signals”–Desensitization
• Types of mistakes
Real-world examples
• … you’d be amazed!
• Enterprise PKI/SSO
• K-State system–Password change• Identity: who are you??
• Demo (I hope this works!)– TrueCrypt
References
• Papers in notes fields (other slides)
• Assigned papers
• Norman’s“Design of Everyday Things”
• Actually, read all ofNorman’s books :)
Back to the papers
– “In search of usable security”…– “Shake well before use”…– “Seeing-is-believing”
Problems? Vulnerabilities? Questions?
TrueCrypt – Lessons learned
• PROBLEM: Security software usability stinks
• SOLUTION: Improve it–Measurably!
• CONTRIBUTION: A vastly and provably improved TrueCrypt interface– Functionality-preserving
Old Wizard – Step 1
Old Wizard – Step 2
Old Wizard – Step 3
Old Wizard – Step 4
Old Wizard – Step 5
Old Wizard – Step 6
Browser warnings
Questions?
Reading discussion
![8RjU` C`RU m 3ZdY`ad :eTYZ Xe` m 4G%( #BH @WWVcd Z eYV ... · a`eV_eZR] W`c R_ R__ViV hYZ]V eYV WfceYVc U`fS]V SVUc``^ YRd R gZVh `W eYV UV]ZXYeWf] cVRc XRcUV_ R_U eYV eYZcU SVUc``^](https://img.pdfslide.net/doc/110x75/5e8c97c0d6261124834bb99f/8rju-cru-m-3zdyad-etyz-xe-m-4g-bh-wwvcd-z-eyv-aevezr-wc-r-rviv.jpg)
![0*)$rbdi.bruylant.be/public/modele/rbdi/content/rbdi_2016... · 2016-09-26 · `eYVc h`cUd%eYV Z_ZeZR] RZ^ `W eYZd RceZT]V Zd e` R_R]jdV eYV VT`_`^ZT%d`TZR] R_U a`]ZeZTR] T`_eVie](https://img.pdfslide.net/doc/110x75/5f1d4e91044721771b42a807/0rbdi-2016-09-26-eyvc-hcudeyv-zzezr-rz-w-eyzd-rceztv-zd-e-rrjdv.jpg)
![Z XhZeY Yf^R Z^a]R eRS]V^ZTc`TYZadW`cZ^^ZXcR ed · Re eYV 4R_RUR 4`f_TZ] W`c eYV 2ced, Rd Ac`XcR^^Z_X 4``cUZ_Re`c Re WV^Z_Zde ^VUZR Rce TV_ecV DefUZ` II R_U Rd 6UZe`c Z_ 4YZVW `W](https://img.pdfslide.net/doc/110x75/5e8c99760be2154ad20b6e80/z-xhzey-yfr-zar-ersvztctyzadwczzxcr-ed-re-eyv-4rrur-4ftz-wc-eyv-2ced.jpg)
![EYV @WWZTZR] ?Vhd]VeeVc `W EYV 6 XZ VVcZ X DefUV …ess.uvic.ca/documents/stream_a/fishwrap/2000-09//2000-10-10.pdf · So come on out, have fun, and give that beat-up, striped down,](https://img.pdfslide.net/doc/110x75/5b5c375c7f8b9ad2198bf1f6/eyv-wwztzr-vhdveevc-w-eyv-6-xz-vvcz-x-defuv-essuviccadocumentsstreamafishwrap2000-092000-10-10pdf.jpg)
![45G9E FHCC?K 5A8 DH5?=GK =FFH9F =A (9AGE5? 5A8 ......,2)0 %"-)% /0)3)170158.21 06:17.21 *97.3 ,7/.5 d`fcTVd Rd Zd eYV TRdV Z_ S`eY JfddZR R_U eYV M\cRZ_V W`c ViR^a]V) A_ eYV M\cRZ_V](https://img.pdfslide.net/doc/110x75/610f61f942575b15f41407f3/45g9e-fhcck-5a8-dh5gk-ffh9f-a-9age5-5a8-20-0317015821.jpg)
![5th edition July 11th > 17th 2017fidmarseille.org/pdf/CatalogueFIDCampus2017.pdf · dYV [`Z_VU eYV >`fZd >f^ZVcV dTY``] Z_ >j`_ EYV Îc h`c\VU Sd 6 A B hZeY S VTZS] Z_eVcV Z_ d`f_U](https://img.pdfslide.net/doc/110x75/602337c9140e792bec3ee1e5/5th-edition-july-11th-17th-dyv-zvu-eyv-fzd-fzvcv-dty-z-j.jpg)
![7$ >65:2 D6CG6C - ReQuest Inc.request.com/documents/2016 ReQuest Product Portfolio.pdfdVcgVcd Z_e` R T`^aRTe a`hVcY`fdV HZeY eYV RSZ]Zej e` RUU f_]Z^ZeVU ?2D UVgZTVd eYV 7$ TR_ YR_U]V](https://img.pdfslide.net/doc/110x75/5edbae68ad6a402d6666059a/7-652-d6cg6c-request-inc-request-product-portfoliopdf-dvcgvcd-ze-r-tarte.jpg)
![Van Gogh I - jackooij.nl · Van Gogh I • • • • • • EYV Rce `W dV]]Z_X j`fc W]`cR 9VRU ^`Uf]V EYV Rce `W dV]]Z_X j`fc W]`cR DZUV ^`Uf]V "#! EYV Rce `W dV]]Z_X j`fc W]`cR](https://img.pdfslide.net/doc/110x75/5fa51cc280fc49674c731792/van-gogh-i-van-gogh-i-a-a-a-a-a-a-eyv-rce-w-dvzx-jfc-wcr-9vru.jpg)
