Users vs. security Cyberdefence seminar, Tallinn Technical University Maksim Afanasjev, 2011.

Slides:

Advertisements

Similar presentations

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:

Advertisements

Helping our customers keep their computers safe.  Using your pet’s, business, family, friend’s names  Using number or letter sequences (0123, abcd)

With your instructor, Jeremy Hyland

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.

Caleb Stepanian, Cindy Rogers, Nilesh Patel

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (

05-899/ Usable Privacy and Security Colleen Koranda February 7, 2006 Usable Privacy and Security I.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

KEEP YOUR COMPUTE SAFE AND HOW TO FIX IT 1. OBJECTIVE Keep your computer safe. -Not about spam, phishing or browser hijacks Designed for the non-geek.

Why Johnny Can’t Encrypt A Usability Evaluation of GPG 5.0 Presented by Yin Shi.

Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.

Programming Satan’s Computer

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Masud Hasan Secue VS Hushmail Project 2.

Operating Systems Concepts 1/e Ruth Watson Chapter 4 Chapter 4 Windows Utilities Ruth Watson.

IT Security for Users By Matthew Moody.

Usability Studies Encryption Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech.

Configuring Windows XP-Based Laptops for Guest Access to Bloomsburg University’s Wireless Network Intended for University staff, and guests planning to.

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely presents:

POSITIONING STATEMENT For people who operate shared computers with Genuine Windows XP, the Shared Computer Toolkit is an affordable, integrated, and easy-to-use.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Thomas Jenkins.

Connecting Computers and Keeping them safe from Hackers and Viruses Bradie Britzmann and Courtney Hughes Britzmann & Hughes.

CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.

References  Cranor & Garfinkel, Security and Usability, O’Reilly  Sasse & Flechais, “Usable Security: Why Do We Need It? How Do We Get It?”  McCracken.

1 Chapter Overview Using the New Connection Wizard to configure network and Internet connections Using the New Connection Wizard to configure outbound.

The Protection of Information in Computer Systems Part I. Basic Principles of Information Protection Jerome Saltzer & Michael Schroeder Presented by Bert.

Security & Usability Charles Frank. Convenience is the Antithesis to Security  Computer systems must employ mechanisms that are difficult to use!

Crimes of Negligence or Incompetence Presented By: Lisa R. Williams.

G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.

Lecture 13 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 19 Page 1 CS 236 Online 16. Account Monitoring and Control Why it’s important: –Inactive accounts are often attacker’s path into your system –Nobody’s.

Viruses Hackers Backups Stuxnet Portfolio Computer viruses are small programs or scripts that can negatively affect the health of your computer. A.

ISPAB Panel on Usable Security Mary Frances Theofanos - NIST Ellen Cram Kowalczyk - Microsoft.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.

CHAPTER 5 MANAGING USER ACCOUNTS & GROUPS. User Accounts Windows 95, 98 & Me do not need a user account like Windows XP Professional to access computer.

LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.

Securing A Wireless Home Network. Simple home wired LAN.

CSCE 201 Identification and Authentication Fall 2015.

Lecture 3 Page 1 CS 236 Online Security Mechanisms CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Adware and Browser Hijacker – Symptoms and Preventions /killmalware /u/2/b/ /alexwaston14/viru s-removal/ /channel/UC90JNmv0 nAvomcLim5bUmnA.

Physical Security Concerns for LAN Management By: Derek McQuillen.

“Candidates were not advantaged by defining every type of operating system provided as examples in the explanatory notes of the standard. Candidates who.

Computer Security Sample security policy Dr Alexei Vernitski.

Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.

Slide #13-1 Design Principles CS461/ECE422 Computer Security I Fall 2008 Based on slides provided by Matt Bishop for use with Computer Security: Art and.

1 Saltzer [1974] and later Saltzer and Schroeder [1975] list the following principles of the design of secure protection systems, which are still valid:

1 Design Principles CS461 / ECE422 Spring Overview Simplicity  Less to go wrong  Fewer possible inconsistencies  Easy to understand Restriction.

By the end of this lesson you will be able to: 1. Determine the preventive support measures that are in place at your school.

Primary/secondary data sources Health and safety Security of Data Data Protection Act.

FIREWALLS By k.shivakumar 08k81f0025. CONTENTS Introduction. What is firewall? Hardware vs. software firewalls. Working of a software firewalls. Firewall.

USABILITY Ben Aaron.

8 – Protecting Data and Security

Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0

Port Knocking Benjamin DiYanni.

Security+ All-In-One Edition Chapter 1 – General Security Concepts

Home Computer Security

The Psychology of Security

Module 2 OBJECTIVE 14: Compare various security mechanisms.

Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

G061 - Network Security.

Presentation transcript:

Users vs. security Cyberdefence seminar, Tallinn Technical University Maksim Afanasjev, 2011

Weakest link Reality is, however, different It is not difficult to make a secure system. In theory.

Experiment on the weakest link The U.S. Department of Homeland Security ran a test in 2011 to see how hard it was for hackers to corrupt workers and gain access to computer systems: staff secretly dropped computer discs and USB thumb drives in the parking lots of government buildings and private contractors. Of those who picked them up: 60 percent plugged the devices into office computers If the drive or CD case had an official logo, 90 percent were installed.

Why humans are weakest link? Humans are not perfect. But security systems expect us to be. On average, 25 accounts, login 8 times per day They’re not thinking, ‘I want to be secure,’ They’re thinking, ‘I want to do my banking.’ “Users will knowingly install spyware if the tradeoffs are good for them,” research shows.

Users' story Users usually do not understand the importance of software, hardware and systems for their organizations do not believe assets are at risk do not understand they their behavior puts assets under risk (i.e. they will be attacked) have problems using security tool correctly (e.g. PGP) Often users can not behave in way required or users do not want to behave in way required. Examples to follow:

Users stories continued Policy "Lock the screens whenever you leave your computer" Outcome: does not work. People do not use it. Reason: "What my colleagues will think? That will ruin trusting relationship with colleagues." Lesson: Users will no comply with policies and mechanisms that are at odds with values they hold. Person that uses complex passwords, changing them often and uses locking screens will look paranoid in our culture. If behavior requires conflicts with norms, values, self-image- users will not comply.

Users' workarounds write passwords down (e.g. on ATM panel). Can not take care of own banking card! share passwords choose passwords that are insecure (but easy to remember)

User solution If possible to avoid at all- avoid! If system allows easy password- use it! If too complex to use (e.g. demands too complex passwords), impossible to avoid- find a workaround!

Is the tradeoff inherent? If system is secure, but not usable, people will start using other (completely) insecure system that is usable. If system is usable, but not secure, it will not last long (compromised, hacked) There is agreement that systems must be designed secure and usable, but no agreement- how? It is pretty clear how to make system more or less secure to a needed degree. There are guidelines and libraries. But not clear how to make them usable?

Tradeoff When trying to make secure systems usable, we add complexity. Complexity leads to higher chances to doing something wrong, i.e. less secure!

Tradeoff example- relay attacks Passive keyless entry to cars -higher usability, but what about security? The car sends beacons on the LF channel periodically. These beacons are short wake-up messages for key. When the key detects the signal on the LF channel, it wakes up the microcontroller, demodulates the signal and interprets it. After computing a response to the challenge, the key replies on the UHF channel. This response is received and verified by the car. In the case of a valid response the car unlocks the doors.

Relay attacks on keyless entry The challenge-response algorithm is tested and proven in conventional key systems. If a proper (length) key is used along with strong algorithm,- difficult to interfere. LF requests work within 1-2m outside the car. UHF response works up to 100 meters.

Relay attack car side with antennae key side

Relay attack It works! Out of 10 cars, all were opened and started. Cars will continue running after they detect key is missing (for safety reasons) Very safe attack- no physical contact neither with key nor the car. If it does not work- nobody is risking. Countermeasures: shielding the key (usability?) removing battery from the key (usability?) RF distance bounding protocol: a class of protocols in which one entity (the verifier) measures an upper-bound on its distance to another (trusted or untrusted) entity (the prover).

Relay attack conclusion Manufacturers took an established system (challenge- response e.g. keeloq), snapped-on usability features. As a result,- absolutely new security flaws introduced. Outcome: usable, but less secure.

Improving security at cost On August 25, 2004, Microsoft releases Service Pack 2 for Windows XP. This is a "security" SP. By default, Windows Firewall was enabled in this release.

SP2 Firewall Were users expecting this? No! They just updated. Were users knowing what to do with it? No! Outcome: many found a way to disable the bugger. Problem: you can do this only once with a user. No ways to make it more gentle next time. Result: dissatisfaction with security measures, some disabled firewalls and maybe more secure overall.

Ways to deal with security complexity In an ideal world, all of the security complexity is hidden from the user. In reality, not possible. 2 approaches: to communicate an accurate conceptual model of the security to the user as quickly as possible. The smaller and simpler that conceptual model is, the more plausible it will be that it can be successful. user does not need to understand the "big picture". He must clearly understand the sequence of steps need to perform a task (Wizard?).

Complexity Finding ways to both maximize security and usability has been a longstanding problem: According to Saltzer and Schroeder [Saltzer 75] in "Basic Principles of Information Protection" : Psychological acceptability: It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly. Also, to the extent that the user's mental image of his protection goals matches the mechanisms he must use, mistakes will be minimized. If he must translate his image of his protection needs into a radically different specification language, he will make errors. In practice, the principle is interpreted to mean that the security mechanism may add some extra burden, but that burden must be both minimal and reasonable.

Possible solutions Increasing the security without undermining usability and vv. Example: locking screens. Make it a part of professional culture, not personal. Make absolutely clear that it is a part of professional behavior, not in any way connected to personal issues. Once users realize that locking screen has nothing to do with trust among colleagues, it will work Overall: security must be designed with usability in mind and vv. Once we start introducing security features when usability guidelines have been established- it will cause problems. Also, all security policies should take human psychology into account.

Questions?

Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0 Alma Whitten J. D. Tygar "and the user test demonstrated that when our test participants were given 90 minutes in which to sign and encrypt a message using PGP 5.0, the majority of them were unable to do so successfully." specific definition of usability for security Three of the twelve test participants (P4, P9, and P11) accidentally ed the secret to the team members without encryption.

Definition: Security software is usable if the people who are expected to use it: 1. are reliably made aware of the security tasks they need to perform; 2. are able to figure out how to successfully perform those tasks; 3. don’t make dangerous errors; and 4. are sufficiently comfortable with the interface to continue using it.

Passwords: easily guessed, diffuclt to remember default passwords usually passwords that are easy to remember, are diffiult to guess People have difficult perception of what constitutes a "password that is difficult to guess". For example- do not use names, user will use Barbara1 People use foreign words (american would not expect an attacker to try Japanese word). Or, organization circulated a memo, explaining what a good password is, with samples. Attackers used the samples.

Identification/Authentification 1. The unmotivated user. Security is usually a secondary goal. 2. The abstraction property abstractive layer 3. The lack of feedback property The need to prevent dangerous errors makes it imperative to provide good feedback to the user, but providing good feedback for security management is a difficult problem. The state of a security configuration is usually complex, and attempts to summarize it are not adequate.