Usable Security for Webmail and Single Sign-on
Kent Seamons & Scott Ruoti
Computer Science Department, Brigham Young University
Internet Security Research Lab

BYU Computer Science
o CS Department has 600+ undergraduates, 80 MS, 30 PhD
o Focus on undergraduate research mentoring

Internet Security Research Lab (ISRL)
o Established 2001
o Funding: DARPA, NSF, Industry
o Alumni
  ◦ 24 MS degrees and 1 PhD degree awarded
  ◦ Placement: Microsoft, Google, IBM, DoD, Sandia, MIT Lincoln Labs, Lockheed-Martin, Blue Coat, Amazon, etc.

ISRL Research Projects
o Automated Trust Negotiation
  ◦ TrustBuilder – exchange attribute certificates as a basis for trust
o Convenient Decentralized Authentication using Passwords
  ◦ Simple Authentication for the Web (SAW)
  ◦ Luau
o Easy, Secure Data Sharing in the Cloud
  ◦ Private Webmail (Pwm)
  ◦ Private Facebook Chat (PFC)
  ◦ Key Escrow (Kiwi)
o Privacy
  ◦ TLS proxies – how to detect them and distinguish them from TLS MITM attacks
o Usable Security

Users and Security
o Users want to get their work done
o They will sidestep security if it is inconvenient

Usable Security
o A significant new research area in recent years
o Seminal papers
  ◦ Why Johnny Can’t Encrypt (Whitten and Tygar, 1999)
  ◦ Users are not the Enemy (Adams and Sasse, 1999)
o Research venues with the latest research
  ◦ Symposium on Usability, Privacy, and Security (SOUPS)
  ◦ ACM Conference on Human Factors in Computing Systems (CHI)

Why Johnny Can’t Encrypt
o Usability study of PGP 5.0
o Political campaign scenario
o Twelve users were given the software to configure
o Users completed a series of tasks

Why Johnny Can’t Encrypt Results
o Complete failure that served as a wakeup call to the community
o Only four users (33%) were able to correctly send out the encrypted, signed email
  ◦ Seven users encrypted emails with their own public keys
  ◦ Another user generated new key pairs for all the other users and tried to encrypt with those keys
o Three users (25%) accidentally emailed the secret message to the other team members without encryption
o Lots of challenges with key management

Usable Security Research Examples
o Johnny 2 (SOUPS 2005)
  ◦ Applied automatic key management to S/MIME
o A usability study and critique of two password managers (Usenix Security 2006)
  ◦ Major usability issues discovered
  ◦ Usability issues led to insecurity
  ◦ Most significant problems arose from poor mental models
o Social Phishing (CACM 2007)
  ◦ User study that launched a real phishing attack against Indiana University students using social network contact information (71% success rate)

Usable Security Research Examples
o What makes users refuse web single sign-on? An empirical investigation of OpenID (SOUPS 2011)
  ◦ Identified challenges and concerns users face when using OpenID
  ◦ Many users had an incorrect mental model of how the system worked (71%)
  ◦ Identified changes in the login flow that improve user acceptance
o Helping Johnny 2.0 Encrypt his Facebook conversations (SOUPS 2012)
  ◦ Automatic key management and encryption
  ◦ Hypothesized that users may not trust transparent encryption

Research Methods
o Approaches from Human Computer Interaction (HCI)
o Surveys
  ◦ Likert scale questions
o Laboratory usability studies
  ◦ Task-based
  ◦ Difficult to draw conclusions from trust decisions in a laboratory environment
o Amazon Mechanical Turk
  ◦ Cost-effective way to run large-scale user studies
o Ethical and privacy issues
  ◦ Academic user studies need university review board approval

Metrics - System Usability Scale
o System Usability Scale (SUS) [Brooke 1996]
o Ten questions using a 5-point Likert scale
  ◦ Alternate negative and positive
  ◦ Calculation that provides a single number for usability
o Bangor compared scores for hundreds of systems

SUS Questions
o I think that I would like to use this product frequently.
o I found the product unnecessarily complex.
o I thought the product was easy to use.
o I think that I would need the support of a technical person to be able to use this product.
o I found the various functions in the product were well integrated.
o I thought there was too much inconsistency in this product.
o I imagine that most people would learn to use this product very quickly.
o I found the product very awkward to use.
o I felt very confident using the product.
o I needed to learn a lot of things before I could get going with this product.
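The two SUS slides above name the ten alternating items and say a calculation turns them into a single number. The following is an added example, not code from the presentation or from the ISRL projects; it implements John Brooke's published scoring rule (odd items contribute response minus 1, even items contribute 5 minus response, the sum is multiplied by 2.5) and adds a per-item breakdown so an analyst can see which question pulls a system's score down. The participant responses in it are constructed, not data from the studies discussed later.

```python
"""SUS scoring for the ten-item questionnaire listed on the slides.

Added example; it is not code from the presentation or the ISRL projects.
It implements John Brooke's published scoring rule for the System Usability
Scale: odd-numbered (positively worded) items contribute response - 1,
even-numbered (negatively worded) items contribute 5 - response, and the
sum of the ten contributions is multiplied by 2.5 to give a 0-100 score.
The participant responses at the bottom are constructed for illustration.
"""
from statistics import mean

ITEM_COUNT = 10
POSITIVE_ITEMS = {1, 3, 5, 7, 9}   # e.g. item 1: "I would like to use this product frequently"
LIKERT_MIN, LIKERT_MAX = 1, 5       # 1 = strongly disagree, 5 = strongly agree


def item_contribution(item, response):
    """Contribution (0-4) of one answered item; rejects out-of-range answers."""
    if not isinstance(response, int) or not LIKERT_MIN <= response <= LIKERT_MAX:
        raise ValueError(f"item {item}: response must be an integer 1-5, got {response!r}")
    # Positive items: agreement is good. Negative items: disagreement is good.
    return response - 1 if item in POSITIVE_ITEMS else LIKERT_MAX - response


def sus_score(responses):
    """SUS score (0.0-100.0) for one participant's ten responses, in item order."""
    if len(responses) != ITEM_COUNT:
        raise ValueError(f"expected {ITEM_COUNT} responses, got {len(responses)}")
    total = sum(item_contribution(i, r) for i, r in enumerate(responses, start=1))
    return total * 2.5


def study_score(all_responses):
    """Mean SUS score over a study's participants: the single number compared across systems."""
    return round(mean(sus_score(r) for r in all_responses), 1)


def item_breakdown(all_responses):
    """Mean contribution (0-4) per item, so an analyst can see which question drags a score down."""
    per_item = [[] for _ in range(ITEM_COUNT)]
    for responses in all_responses:
        sus_score(responses)  # validates length and range before we tabulate
        for i, r in enumerate(responses, start=1):
            per_item[i - 1].append(item_contribution(i, r))
    return [round(mean(vals), 2) for vals in per_item]


# Constructed responses for three participants (not data from the studies on the slides).
SAMPLE_RESPONSES = [
    [4, 2, 4, 1, 4, 2, 5, 1, 4, 2],
    [3, 2, 5, 2, 4, 1, 4, 2, 5, 1],
    [2, 1, 5, 1, 5, 2, 5, 1, 4, 1],
]

if __name__ == "__main__":
    print("mean SUS:", study_score(SAMPLE_RESPONSES))
    print("per-item:", item_breakdown(SAMPLE_RESPONSES))
```

In the constructed sample, item 1 ("I would like to use this product frequently") averages only 2.0 out of 4 while the other items sit near the top, which is the pattern the later "Study limitations" slide describes: participants who were enthusiastic about a lab system still scored that one item low.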

Usable Security for Single Sign-On

[Figure: Bob’s in-memory password lookup table, one password per site (password1, Password2, Password3, letmein, pwd12, asdf, ...), several of them forgotten (“???”). Labels: The Internet; Password; Who do we trust?; Single Sign-on]

Simple Authentication for the Web
o How can web sites offload user authentication all by themselves?
  ◦ Already doing it as a secondary means of user authentication
o SAW’s approach
  ◦ Improve the security and convenience of email-based password resets
  ◦ Use email as the primary authentication mechanism

How SAW Works
Step 1:
  ◦ The user submits her email address
Step 2:
  ◦ If her address is authorized, a random secret is generated and split into two shares
Step 3:
  ◦ The user returns both tokens
  ◦ Manually: By clicking a link in the email
  ◦ Automatically: Using the SAW toolbar
Tokens are:
  ◦ Short-lived
  ◦ Single-use
[Figure: message flow between Web Site, User and User’s Email Provider. The user says “I’m Alice”; the site sends an email with Subject: [SAW-AT=2fe32...] and the body “Click on the link below ONLY if you recently initiated a request to log in to”]
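The three steps above, worked through as server-side code. This is an added example and not the SAW project's own code: the slide fixes only the flow (address submitted; if authorized, a random secret is split into two shares, one emailed and one returned directly; the user returns both; tokens are short-lived and single-use). The XOR share splitting, storing only a SHA-256 digest of the secret, the five-minute lifetime, the in-memory pending table, the `SawServer` class name and the list standing in for the outgoing mail server are all assumptions made for the example; the `[SAW-AT=...]` subject follows the slide's sample message.

```python
"""Server side of the SAW login flow from the "How SAW Works" slide.

Added example; not the SAW project's own code. The slide fixes the flow
(email address submitted; if authorized, a random secret is split into two
shares, one emailed and one returned directly; the user returns both; tokens
are short-lived and single-use). Everything else here is an assumption made
for the example: XOR share splitting, storing only a SHA-256 digest of the
secret, a 5-minute lifetime, the in-memory pending table, and a list that
stands in for the site's outgoing mail server.
"""
import hashlib
import hmac
import secrets
import time

SHARE_LEN = 16            # bytes; assumption
TOKEN_LIFETIME = 300      # seconds; the slide says "short-lived", the value is an assumption


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class SawServer:
    def __init__(self, authorized_addresses, clock=time.time):
        self.authorized = {a.strip().lower() for a in authorized_addresses}
        self.pending = {}      # auth_id -> {"digest", "expires", "used"}
        self.outbox = []       # constructed stand-in for the site's mail server
        self.clock = clock

    def begin_login(self, email):
        """Steps 1 and 2: take the address, mint the secret, email one share, return the other."""
        email = email.strip().lower()
        auth_id = secrets.token_urlsafe(16)
        if email not in self.authorized:
            # Same response shape as the success path so the login form does not
            # reveal which addresses are authorized; nothing is stored or mailed.
            return auth_id, secrets.token_hex(SHARE_LEN)
        secret = secrets.token_bytes(SHARE_LEN)
        emailed_share = secrets.token_bytes(SHARE_LEN)
        direct_share = xor_bytes(secret, emailed_share)   # secret = direct XOR emailed
        self.pending[auth_id] = {
            "digest": hashlib.sha256(secret).hexdigest(),  # never store the secret itself
            "expires": self.clock() + TOKEN_LIFETIME,
            "used": False,
        }
        self.outbox.append({
            "to": email,
            "subject": f"[SAW-AT={auth_id}]",   # subject format follows the slide's sample message
            "body": emailed_share.hex(),
        })
        return auth_id, direct_share.hex()

    def complete_login(self, auth_id, direct_share_hex, emailed_share_hex):
        """Step 3: the user returns both tokens; accept only a fresh, unused, matching pair."""
        entry = self.pending.get(auth_id)
        if entry is None:
            return False
        if entry["used"] or self.clock() > entry["expires"]:
            del self.pending[auth_id]
            return False
        entry["used"] = True   # single-use: one attempt per login, whether or not it succeeds
        try:
            direct = bytes.fromhex(direct_share_hex)
            emailed = bytes.fromhex(emailed_share_hex)
        except ValueError:
            return False
        if len(direct) != SHARE_LEN or len(emailed) != SHARE_LEN:
            return False
        candidate = hashlib.sha256(xor_bytes(direct, emailed)).hexdigest()
        return hmac.compare_digest(candidate, entry["digest"])


def demo():
    """Happy path followed by a replay of the same tokens; returns (first, replay)."""
    server = SawServer(["alice@example.com"])            # constructed address
    auth_id, direct = server.begin_login("Alice@Example.com")
    mail = server.outbox[-1]
    first = server.complete_login(auth_id, direct, mail["body"])
    replay = server.complete_login(auth_id, direct, mail["body"])
    return first, replay


if __name__ == "__main__":
    print(demo())   # (True, False): the second use of the same tokens is refused
```

Neither share is useful on its own: the emailed share says nothing without the one the browser received, and the server holds only a digest, so a leaked pending table does not let anyone forge a login. Marking the entry used before checking the pair also keeps one emailed link from being tried more than once.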

Benefits
o Unilateral deployment by web sites
  1. No specialized third party
  2. No client-side software
  3. Reuse existing user identifiers and authenticators external to the web site
o Acceptable risk for services that rely on email-based password resets
o Advanced features
  ◦ Delegation and revocation through forwarding rules
  ◦ Client-side auditing

The Chicken and the Egg
o How do users authenticate to identity providers when they cannot directly communicate?
  ◦ Giving relying parties the plaintext password is not desirable
  ◦ Allowing an encrypted tunnel invites misuse and requires IP-level connectivity
  ◦ Forwarding several small messages of known composition offers a good compromise
[Figure: User (U), Identity Provider (IDP) and Wireless Access Point (RP); the user holds ID: Alice, PW: Peek-a-boo, and a message (Msg) is shown between the parties]

Luau – High Level Idea
1. Use a strong password protocol to establish a mutually authenticated session key between the user and her identity provider
2. Use that key to facilitate a SAW token distribution
3. Unify Web and wireless authentication
[Figure: User (U), Identity Provider (IDP) and Wireless Access Point (RP), with Secure Remote Password (SRP) run between the user and the IDP]

Future Directions
o Usability studies comparing SAW to OAuth, OpenID, and some recent proposals to replace passwords
o Untrusted Input Problem: password entry into web forms supplied by the server
  ◦ We advocate a move to password entry into the browser chrome or O/S in order to thwart password phishing attacks
  ◦ Train users to never enter credentials into a web page
  ◦ Users will still be vulnerable to social engineering
o If phishing attacks are thwarted, attackers will focus on the end points
  ◦ Usable solutions to key logging

Confused Johnny: Usable Security for Webmail

Confused Johnny
o Email encryption for the masses
o We developed a system maximizing usability
  ◦ Made everything transparent
o Johnny became confused
o Designed another system with manual encryption
  ◦ This helped Johnny gain clarity

Encrypted Email
o Exists, but largely goes unused
o S/MIME, PGP
  ◦ Tools available
o “Why Johnny can't encrypt: A usability evaluation of PGP 5.0”
  ◦ Whitten and Tygar, 8th USENIX Security Symposium (1999)
  ◦ Later research confirmed the findings
o What can be done?

Usability Issues
o Users resist change
  ◦ Users are using webmail
  ◦ If security is difficult, users will forgo it
o Key management is confusing
  ◦ Hierarchical, web-of-trust
  ◦ Recipient must already have a key
  ◦ Chicken and egg problem
o Cryptography is complicated
  ◦ Unclear which properties are provided
  ◦ Unclear which properties are needed

Private Webmail (Pwm)
o Pronounced “Poem”
o Adds end-to-end encryption to existing webmail systems
  ◦ Gmail, Hotmail, Yahoo! Mail
  ◦ Runs on all modern browsers
o Designed to maximize usability
o Provides good-enough security
  ◦ Improvement for those already sending sensitive email

Security Overlay
o Security overlay
  ◦ Integrates tightly with existing webmail systems
  ◦ Users do not need to learn yet another system
o Tightly integrates with existing systems
  ◦ Replaces small portions of the interface
  ◦ Displayed using iFrames
o Functionally transparent
  ◦ Low barrier to adoption
o Visually distinctive
  ◦ Easy to identify

Usability Fixes
o Users resist change
  ◦ Focus on bootstrapping first-time users
  ◦ Helpful instructions in the email
  ◦ Bookmarklet-based installation
o Key management is confusing
  ◦ Key escrow based on IBE
  ◦ Simple Authentication for the Web (EBIA)
  ◦ No user interaction required
o Cryptography is complicated
  ◦ Encryption is automatically handled by Pwm
  ◦ Users never interact with ciphertext

Pwm: Walkthrough

Pwm User Studies
o Two studies
o First study measured usability of Pwm
  ◦ Also evaluated bookmarklets for use during installation
o Second study compared Pwm to Voltage Secure Mail Cloud
  ◦ Voltage Secure Mail Cloud is an existing depot-based secure email system
  ◦ Pwm was run using a browser extension
o Evaluation
  ◦ Pre- and post-survey questionnaire
  ◦ Monitored participants’ actions for unrecognized mistakes
  ◦ Post-survey interviews

SUS Score Comparison

Success?
o Results are very promising
  ◦ Very positive reception
  ◦ Users indicated they wanted to begin using it
o Not without problems
o A small number of emails were sent without encryption
o Participants were confused about security
  ◦ Wanted to see more details
  ◦ Unsure of who could read emails

Where to go from here?
o The simple solution was to fix UI issues
o One student (Nathan Kim) had a different idea
  ◦ Manual encryption
  ◦ Decoupled interface
o Mocked up these ideas
  ◦ Message Protector (MP)
  ◦ Simple interface
  ◦ Direct handling of ciphertext
  ◦ Implied key management

MP: Walkthrough

First MP User Study
o Evaluated MP using SUS
o Compared against Encipher.it
  ◦ Bookmarklet-based encryption system
  ◦ Works in Gmail and Facebook
o Evaluation
  ◦ Pre- and post-survey questionnaire
  ◦ Monitored participants’ actions for unrecognized mistakes
  ◦ Post-survey interviews
  ◦ The System Usability Scale
o Evaluated comprehension
  ◦ Survey included questions about comprehension
  ◦ How to use the system
  ◦ Who could read messages

[Chart: SUS scores 61 and 72]

Second MP User Study
o Surprising usability results
  ◦ Participants had a positive reaction to seeing ciphertext
  ◦ Similar SUS score to MP
o Ran a second study comparing MP to Pwm
  ◦ Modeled after the first MP study

[Chart: SUS scores 76 and 74]

SUS Score Comparison

Other Results
o MP improved users’ comprehension
  ◦ Clearly understood how to use the system
  ◦ Clearly understood who could read messages
o Usability scores nearly identical to Pwm
o Participants preferred the manual encryption of MP
o Participants preferred the tight integration of Pwm

Study Limitations
o MP studies ignore bootstrapping new users
  ◦ Studies assumed software pre-installed
  ◦ Bootstrapping is a key component of Pwm’s design
  ◦ Not fully representative of overall usability
o Short-term studies
o SUS question unclear
  ◦ “I think that I would like to use this system frequently.”
  ◦ Participants ranked it low even when enthusiastic about the system
  ◦ Relevant to security studies

Review
o Pwm was a success
  ◦ Participants largely succeeded at using encrypted email
  ◦ Participants had high praise for Pwm
  ◦ Succeeded in being easy for new users
o Pwm wasn’t perfect
  ◦ Security was too transparent
  ◦ Caused users to be confused and make mistakes
o Mocked up a system using manual encryption
  ◦ Users enjoyed manual encryption
  ◦ Wished it was tightly integrated with the browser
o A combination of approaches is needed to solve the problem

Future Work
o Manual encryption in Pwm
  ◦ Don’t automatically send encrypted email
  ◦ “Encrypt” button which puts ciphertext in the compose window
o Sidebar
  ◦ Browser sidebar allowing for manual encryption
  ◦ Can be used on any site
  ◦ Fallback for when Pwm has an error
o Long-term studies
  ◦ Larger populations
  ◦ Real tasks

Lessons Learned
o Usability is a key factor in security software
o Users have expectations about how security works
  ◦ What needs to be exposed?
  ◦ It can impact trust
o There are tradeoffs
  ◦ Usability vs. security
  ◦ Transparency vs. control
  ◦ No one solution does everything
o Research needs to focus on real-world use cases
  ◦ Collaboration with industry

Questions?