With your instructor, Jeremy Hyland

Presentation transcript:

User Studies II
With your instructor, Jeremy Hyland

Plan for Today
- Discuss the reading:
  - Why Johnny Can’t Encrypt
  - Johnny 2: Judgment Day
- Do a little testing of our own…

Why Johnny Can’t Encrypt
- Who’s Johnny and why can’t he encrypt?
- Posner says: What’s Johnny trying to hide?

Why Johnny Can’t Encrypt
- A Usability Evaluation of PGP 5.0
- Whitten and Tygar, 1999
- http://www.usenix.org/publications/library/proceedings/sec99/full_papers/whitten/whitten_html/index.html

Why Johnny Can’t Encrypt
- “Security mechanisms are only effective when used correctly”
- So: If Usable then else

Why Johnny Can’t Encrypt: Defining Usable Security Software
Whitten and Tygar: Security software is usable if the people who are expected to use it:
- are reliably made aware of the security tasks they need to perform
- are able to figure out how to successfully perform those tasks
- don't make dangerous errors
- are sufficiently comfortable with the interface to continue using it

Why Johnny Can’t Encrypt: Why is usable security hard?
- McNealy says: You have no usable security, get over it.

Why Johnny Can’t Encrypt: Why is usable security hard?
Five reasons:
1. The unmotivated users
   - “Security is usually a secondary goal”
2. Policy abstraction
   - Programmers understand the representation but normal users have no background knowledge.

Why Johnny Can’t Encrypt: Why is usable security hard?
Five reasons (continued):
3. The lack of feedback
   - We can’t predict every situation.
4. The proverbial “barn door”
   - Need to focus on error prevention.
5. The weakest link
   - Attacker only needs to find one vulnerability

Why Johnny Can’t Encrypt: Usability Evaluation
PGP 5.0
- Pretty Good Privacy
- Software for encrypting and signing data
- Plug-in provides “easy” use with email clients
- Modern GUI, well designed by most standards

Why Johnny Can’t Encrypt: Usability Evaluation
Whitten and Tygar focus their evaluation on a question based on their definition of usable secure software:
“If an average user of email feels the need for privacy and authentication, and acquires PGP with that purpose in mind, will PGP's current design allow that person to realize what needs to be done, figure out how to do it, and avoid dangerous errors, without becoming so frustrated that he or she decides to give up on using PGP after all?”
Loaded question?

Why Johnny Can’t Encrypt: Usability Evaluation
Cognitive walkthrough
- Mentally step through the software as if we were a new user.
- Attempt to identify the usability pitfalls.
- Focus on interface learnability.

Why Johnny Can’t Encrypt: Usability Evaluation
Cognitive walkthrough results:
- Visual metaphors
  - Public vs. Private keys
  - Signatures and verification

Why Johnny Can’t Encrypt: Usability Evaluation
Cognitive walkthrough results:
- Different key types
  - Compatibility increases complexity
- Keys listed as users

Why Johnny Can’t Encrypt: Keys listed as users

Why Johnny Can’t Encrypt: Usability Evaluation
Cognitive walkthrough results:
- Key server
  - Hidden? What is it doing?
- Revocation not automatic
  - Would that help?

Why Johnny Can’t Encrypt: Usability Evaluation
Cognitive walkthrough results:
- Key management policy
  - Unneeded confusion
  - What’s the difference between trust and validity?

Why Johnny Can’t Encrypt: Usability Evaluation
Cognitive walkthrough results:
- Irreversible actions
  - Need to prevent costly errors
- Consistency
  - “Encoding”?!?
- Too much information
  - More unneeded confusion
  - Show the basic information, make more advanced information available only when needed.

Why Johnny Can’t Encrypt: Usability Evaluation
User Test
- PGP 5.0 with Eudora
- 12 participants, all with at least some college and none with advanced knowledge of encryption
- Participants were given a scenario with tasks to complete within 90 min
- Tasks built on each other
- Participants could ask some questions through email

Why Johnny Can’t Encrypt: Usability Evaluation
User Test Results:
- 3 users accidentally sent the message in clear text
- 7 users used their public key to encrypt and only 2 of the 7 figured out how to correct the problem
- Only 2 users were able to decrypt without problems
- Only 1 user figured out how to deal with RSA keys correctly
- A total of 3 users were able to successfully complete the basic process of sending and receiving encrypted emails
- One user was not able to encrypt at all

Why Johnny Can’t Encrypt: Conclusion
“If an average user of email feels the need for privacy and authentication, and acquires PGP with that purpose in mind, will PGP's current design allow that person to realize what needs to be done, figure out how to do it, and avoid dangerous errors, without becoming so frustrated that he or she decides to give up on using PGP after all?”
Nope
- Is this a failure in the design of the PGP 5.0 interface or is it a function of the problem of traditional usable design vs. design for usable secure systems?
- Security as the primary function vs. a secondary function

Johnny 2
- Garfinkel and Miller, 2005
- http://www.simson.net/clips/academic/2005.SOUPS.johnny2.pdf
- Follow-up to “Why Johnny Can’t Encrypt”
- Test of new encryption technology
  - Key Continuity Management
  - S/MIME certificates
- Better interface
  - Simple buttons

Johnny 2
Garfinkel and Miller: Johnny couldn’t encrypt because of the key architecture behind PGP.
“….the fundamental usability barriers that Whitten identified could be overcome by replacing the underlying third-party certification model with Key Continuity Management.”

Johnny 2: User Test
- Tried to stay as close to the Johnny experiment as practical
  - Same methods of user solicitation/selection
  - Same basic scenario
  - Similar user tasks
- Added attackers

Johnny 2: User Test
Attacks:
- new key attack
- new identity attack
- unsigned message attack
How well does the interface enable users to respond to these attacks?

Johnny 2: User Test
Test application: CoPilot
- “Wizard of Oz” prototype
- S/MIME certificate handling:
  - First time = Yellow
  - Trusted certificate = Green
  - Changed certificate = Red
  - Unsigned message = White
  - Unsigned message from a sender that normally sends signed messages = Gray
- Better tools allow for a more automated and scientific test
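
An added example, not taken from the slides or from the CoPilot prototype: a minimal key continuity check that maps each incoming message to the colors listed above and replays the three attacks against it. It assumes a certificate counts as trusted once it has been seen before for the same address, and it models the new identity attack as a never-seen address with a new certificate; the class, function names, addresses and certificate bytes are constructed for illustration.

```python
import hashlib

# Color states as listed on the CoPilot slide.
YELLOW, GREEN, RED, WHITE, GRAY = "yellow", "green", "red", "white", "gray"


class KeyContinuityStore:
    """Hypothetical KCM store: pins the first certificate seen per address."""

    def __init__(self):
        self.pinned = {}  # sender address -> SHA-256 fingerprint of pinned cert

    def classify(self, sender, cert_der=None):
        """Return the color for one message; cert_der is None if unsigned."""
        sender = sender.strip().lower()
        pinned = self.pinned.get(sender)
        if cert_der is None:
            # Unsigned mail is only suspicious if this sender has signed before.
            return GRAY if pinned else WHITE
        fingerprint = hashlib.sha256(cert_der).hexdigest()
        if pinned is None:
            self.pinned[sender] = fingerprint  # first contact: remember it
            return YELLOW
        # Assumption: "trusted" means "same certificate as previously seen".
        # On a mismatch the old pin is kept, so the warning keeps firing.
        return GREEN if fingerprint == pinned else RED


def run_scenario():
    """Replay the three attacks from the study against constructed data."""
    store = KeyContinuityStore()
    real_cert = b"constructed certificate bytes: real sender"
    fake_cert = b"constructed certificate bytes: attacker"
    return [
        store.classify("alice@example.com", real_cert),  # first signed mail
        store.classify("alice@example.com", real_cert),  # same cert again
        store.classify("alice@example.com", fake_cert),  # new key attack
        store.classify("alice@example.com"),             # unsigned message attack
        store.classify("alice@example.net", fake_cert),  # new identity attack
        store.classify("bob@example.com"),               # unsigned, never signed
    ]


if __name__ == "__main__":
    for color in run_scenario():
        print(color)
```

Under these assumptions the new identity case comes back yellow, the same state as any legitimate first contact, so a continuity check alone gives the user nothing to tell the two apart.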

Johnny 2: User Test
- 43 test subjects
- Three groups:
  - No KCM
  - Color
  - Color+Briefing

Johnny 2: User Test
Results:
- Users generally understood the basics
- Little understanding of signature integrity guarantees
- Verifying attack message authenticity was difficult for most users
- No group resisted attacks 100% of the time
- Color and Color+Briefing resisted the new key attack and the unsigned message attack better than No KCM
- The interface did not help against new identity attacks

Johnny 2: User Test: Conclusions
- A few surface interface issues
- Do not trust button
- Misconceptions about the security of sealed messages
- Generally, the new interface simplifies email encryption
- Still problems with determining certificate trust, however some of these problems may be unavoidable.

So Now What?
Now it’s time to do your own test!

User Test
- 3 groups:
  - Cell Phone
  - CD player
  - Calculator
- Take a few minutes to create a simple user test
- One member of each group switches to be a tester

User Test
Guidance:
- Decide who’s going to do what!
- Create a Use Case Scenario
- Define user tasks for completion of the scenario
- Set up metrics for results evaluation
- What qualifies as success vs. failure?

User Test Results!?