In Search of Usable Security: Five Lessons from the Field Presentation by 王志誠

Outline Introduction Introduction A PKI-based (public key Infrastructure) secure wireless network A PKI-based (public key Infrastructure) secure wireless network Traditional PKI deployment Traditional PKI deployment Gesture-directed automatic configuration Gesture-directed automatic configuration Five lessons Five lessons Conclusions Conclusions

Introduction Psychological acceptability Psychological acceptability HCI design and evaluation techniques for usability HCI design and evaluation techniques for usability End users struggle to comprehend the security decisions with they are presented End users struggle to comprehend the security decisions with they are presented

Introduction Often deliberately disclose or ignore security to get their work done – a lack of usability Often deliberately disclose or ignore security to get their work done – a lack of usability Professionally managed infrastructures such as corporate firewall protect most of us while at work Professionally managed infrastructures such as corporate firewall protect most of us while at work Mobile devices into home or on the road? – On Your Own Mobile devices into home or on the road? – On Your Own

A PKI-based (public key Infrastructure) secure wireless network Environment Environment  Palo Alto Research Center (PARC)  200 users, X.509 certificates  Use 802.1x Transport Level Security Authentication of EAP-TLS

A PKI-based secure wireless network PKI deployment is incomprehensible, complex, and unusable. PKI deployment is incomprehensible, complex, and unusable. Offered to help the administrative staff roll out the PKI to avoid the pitfalls of PKI deployment Offered to help the administrative staff roll out the PKI to avoid the pitfalls of PKI deployment We were wrong We were wrong

Traditional PKI deployment First Version First Version  Manual Setup – 38 steps required

Traditional PKI deployment  38 steps  GUI-based 802.1x config software  Web-based enrollment sys  8 subjects (advanced degree in CS field)  140 min to enroll in system

Traditional PKI deployment With an elaborate set of instructions that detailed each step With an elaborate set of instructions that detailed each step Most difficult computer task Most difficult computer task Secured the subjects’ machine for wireless use, it simultaneously reduces their ability to configure and maintain their own machines Secured the subjects’ machine for wireless use, it simultaneously reduces their ability to configure and maintain their own machines

Traditional PKI deployment To compensate for its poor user interface, we used a combination of documentation and training to help users enroll in the wireless network. making it completely infeasible for smaller home or office networks.

Gesture-directed automatic configuration Lets an average end user join a device to a wireless network using the strongest, PKI-based security standards available, simply, easily, and intuitively

Gesture-directed automatic configuration Second Version Second Version

Gesture-directed automatic configuration A small setup application take care all of configuration settings A small setup application take care all of configuration settings Local-limited channels infrared devices Local-limited channels infrared devices 1 min and 39 sec 1 min and 39 sec

Gesture-directed automatic configuration 2 aspects of this design stand out 2 aspects of this design stand out  Gestural user interface  Intuitive trust model Got much higher marks in user satisfaction and confidence

Five lessons You can’t retrofit usable security Usability and security – design into system from the ground up Usability and security – design into system from the ground up Adding explanatory dialog boxes to a confusing system is not the solution Only by starting from completely different interaction principles did we manage to build a usable and secure system.

Five lessons Tools aren’t solutions Recognizing that available technologies are nothing more than tools is only part of this lesson the other part is appreciating that our current portfolio of available tools is rather incomplete.

Five lessons Mind the upper layers Security is not something to handle only in the lower layers of the networking stack or in the depths of the operating system. If we design security into all of an application’s layers (in particular, its upper layers),it becomes implicit and hence much more user-friendly. the security mechanisms an application implements must be compatible with what the user needs to accomplish.

Five lessons Keep your customers satisfied Expertise can blind even those most sensitive to user concerns Support questions usability failures sometimes hide behind apparent success stories

Five lessons Think locally, act locally Systems that follow the “think locally” principle are also often easier to deploy, because they don’t require administrators to coordinate with some larger infrastructure or organization As a result, they can offer greater opportunities for automatic configuration

Conclusions Information security often fails because of the lack of usability To rectify this situation, we must design systems that are simultaneously usable and secure.