Usable Encryption Class Presentation for CMSC 818D
Wei Bai
Application
- Hardware Encryption
- Web Encryption
- Email Encryption
  - OpenPGP
  - S/MIME
- Online Social Network
Public Key Encryption
- Encryption/Decryption
- Signing/Verifying
Prototype for Public Key Encryption
Prototype for Signing/Verifying
[Figure labels: Bob, Alice]
Usable Encryption Design Aspects
Design Aspects
- Encryption UI
- (Automatic) Encryption and Decryption
- Key Management
- Integration
A. Whitten et al. “Why Johnny can’t encrypt: a usability evaluation of PGP 5.0”
- One of the pioneering works on encryption usability
- Objective: Investigate usability in standard UI design vs. security
- A case study of PGP 5.0 through
  - Cognitive walkthrough analysis
  - Lab study
Definitions of Usability for Security
1. Reliably made aware of the security tasks they need to perform
2. Able to figure out how to successfully perform those tasks
3. Don’t make dangerous errors
4. Comfortable enough with the interface to continue using it
Properties
1. The unmotivated user property
2. The abstraction property
3. The lack of feedback property
4. The barn door property
5. The weakest link property
Usability Standard for PGP
- Encrypt/decrypt
- Sign/verify
- Key generation
- Own public key publication
- Public key acquisition
- Avoid dangerous errors
- Reasonable time
Usability Analysis
- Cognitive walkthrough analysis
  - Wide considerations for more factors
  - Subjective
- Lab study
  - Limited scope of factor testing
  - Objective
Cognitive analysis: Flaws in Design
- Key management issue
- Visual: sign/verify
- Different key types
  - RSA for PGP
  - Diffie-Hellman/DSS for PGP 5.0
- Key server
- Errors playing with keys. Irreversible!
  - Delete the private key, publicize the private key
Lab study
- Integrate Eudora with PGP
Lab study
- Confirmed some points:
  - What keys to use? How to use them?
  - Confused about private/public keys
  - Use own/counterpart’s keys?
Discussions
1. Dangerous errors and the barn door property:
   - If reversible? Regret allowed?
2. Should tutorials about encryption tasks, such as generating keys, be included?
   - Learnability: learn by themselves, or taught by others?
3. Is signing and verification necessary?
   - Closed circle
   - Phishing exists
4. How about separating encryption and decryption tasks, to make the study shorter?
S. Ruoti et al., “Confused Johnny: when automatic encryption leads to confusion and mistakes”
- Objective
  - Investigate whether hiding as many security details as possible makes encryption more usable
- Method:
  - Lab study of Pwm (private webmail) system
Pwm Highlights
- Automatic key management and automatic encryption
- Integrate tightly with existing webmail services
- Key management by a key escrow
  - Advantage:
    - Automatic key management
    - Users never lose their keys
    - Keys ported to new devices automatically
  - Disadvantage
    - Escrow has access to users’ keys
Comparative Usability Study
- Task scenario:
  - Decrypt an email first
  - Send an encrypted email
  - Open a new Gmail session (with Pwm ended)
- Performs well compared to existing webmail tools (w.r.t. SUS score)
Key Findings
- Performance of Message Protector is on par with (slightly higher than) Pwm.
- A too-transparent design loses trust to some extent
- Reconsider manual encryption
  - The idea also comes from the “Johnny for Facebook” paper.
Discussions
- Automatic key management by using a third-party service?
  - Chicken and egg problem!
- Tradeoff between usability/security
Helping Johnny 2.0 to Encrypt His Facebook Conversations
- Objective:
  - Encryption usability for online social networks (OSNs)
- Methods:
  - Two lab studies
Mockup Lab Study
- Encryption schemes:
  - Auto/not auto: encryption button
- Key management:
  - Manual: send keys over webmail
  - Auto: password created the first time, then cached by the web browser for further use
Key findings
- Auto encryption and auto key management are preferable.
- Manual encryption / manual decryption give a higher feeling of security, but lower acceptance
- Key (password) recovery capability
Discussions
- Does doing/showing something make users feel assured?
  - Auto/not auto: encryption button
- Key management:
  - Manual: send keys over webmail
    - (chicken and egg problem again?)
  - Auto: password created the first time, then cached by the web browser for further use
    - Password protection? Passwords are much easier to guess than PKI keys.