Engineering Secure Software. Taher El-Gamal, inventor of SSL: “Security professionals always struggle with the general public because usability always wins.”

Presentation transcript:

1 Engineering Secure Software

2 Taher El-Gamal, inventor of SSL: “Security professionals always struggle with the general public because usability always wins.”

3 Users are NOT the Enemy
• Security mechanisms are designed, implemented, applied, and breached by people.
  - Human factors are key.
  - Hackers can leverage human factors too, e.g. social engineering, “rubber hose cryptanalysis”.
• Why do users not adhere to security criteria?
  - Lack of security knowledge
  - Lack of motivation
  - Users are guided by what they actually see, or don’t.
  - Security mechanisms do not consider human factors, e.g. constantly changing passwords.

4 Do not overload users’ memory
• Human memory has limitations of about 7 items
  Balloon, Giraffe, Sphinx, Ball, Moon, Jerry, Alex, India, Chair, Graph, Be, Pluto, Daisy, All, Train, Byte, Lime, Fact, Screen, Zoo

5 Do not overload users’ memory
• Users will use externalization to cope
  - Sticky notes, password managers
  - Facilitates insider attacks

6 Human Factors
• Minimize the mental workload for the user
  - Recognition rather than recall (e.g. recognize images)
  - Forgiving mechanisms (93% successful login with 9th attempt)
    ○ Realistic security vs. theoretical security
    ○ Password resets overload helpdesks
    ○ Delay logins instead of lockouts
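Added example (not from the original slides): one way to implement "delay logins instead of lockouts" as a per-account progressive delay. The class name, the three free attempts, the doubling schedule and the 300-second cap are assumptions chosen for illustration; the simulation uses a fake clock so nothing actually sleeps.

```python
import time


class LoginThrottle:
    """Per-account progressive delay: failures slow guessing down but never lock the account."""

    def __init__(self, free_attempts=3, base_delay=1.0, max_delay=300.0, clock=time.monotonic):
        self.free_attempts = free_attempts  # failures allowed with no delay (assumed value)
        self.base_delay = base_delay        # seconds; doubles with each further failure
        self.max_delay = max_delay          # cap, so the wait never becomes a de facto lockout
        self.clock = clock
        self._state = {}                    # account -> (failure count, time of last failure)

    def wait_required(self, account):
        """Seconds that must still pass before the next attempt will be evaluated."""
        failures, last = self._state.get(account, (0, 0.0))
        extra = failures - self.free_attempts
        if extra < 0:
            return 0.0
        delay = min(self.base_delay * 2 ** min(extra, 32), self.max_delay)
        return max(0.0, last + delay - self.clock())

    def attempt(self, account, password_ok):
        """Return 'ok', 'failed' or 'throttled'; a throttled attempt is not evaluated."""
        if self.wait_required(account) > 0:
            return "throttled"
        if password_ok:
            self._state.pop(account, None)  # success clears the history
            return "ok"
        failures, _ = self._state.get(account, (0, 0.0))
        self._state[account] = (failures + 1, self.clock())
        return "failed"


class FakeClock:
    """Test clock so the simulation below does not actually sleep."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now


def play(outcomes, horizon=float("inf")):
    """Replay password_ok values, waiting out each delay; return (results, seconds elapsed)."""
    clock, results = FakeClock(), []
    throttle = LoginThrottle(clock=clock)
    for ok in outcomes:
        wait = throttle.wait_required("alice")
        if clock.now + wait > horizon:
            break
        clock.now += wait
        results.append(throttle.attempt("alice", ok))
    return results, clock.now
```

With these assumed settings, a user who gets the password right on the 9th attempt has waited about a minute in total, while a guesser against one account is held to a few hundred attempts per day and no helpdesk reset is needed.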

7 Human Factors
• Awkward behavior
  - Example: organizations mandate that users must lock their screens when leaving their desks, even for brief periods
  - Users will not comply with security mechanisms that conflict with their values or self-image
  - Solution: label such behaviors positively

8 Usability of Permission Granting
• Global resources
  - e.g. Smartphones expose a global clipboard to apps
  - User friendly, violates least-privilege
• Manifests (Android, Win phone)
  - Out of context: Checked at time of install, not time of use.
  - Disruptive: Only prompted at first use to avoid prompt-fatigue.
  - Violates least-privilege
• Prompts (iOS, browsers)
  - Used to verify user intent
  - Repetitiveness teaches users to ignore them (prompt fatigue)
• User-driven access control
  - Via access control gadgets
  - Captures user’s intent, minimizes interaction
  - Enables in-context, non-disruptive, and least-privilege permission granting

9 Usability of Authentication Mechanisms

10
• Attacked by phishing
• Protection software: Password Alert Chrome extension

11 Usability of Authentication Mechanisms: Graphical passwords
• Categorized by memory task: recall-based (drawmetric systems)
  ○ Users recall and reproduce a secret drawing (on grid, canvas)
  ○ Drawbacks: phishing, easy to guess (users draw their initials)

12 Usability of Authentication Mechanisms: Graphical passwords
• Categorized by memory task: recognition-based (cognometric systems)
  ○ Users memorize a portfolio of images during password creation, and then recognize their images from among decoys to log in
  ○ More difficult to attack by phishing
  ○ Drawbacks: password space is small, shoulder-surfing

13 Usability of Authentication Mechanisms: Graphical passwords
• Categorized by memory task: cued-recall (locimetric systems)
  ○ Easier memory task than pure recall
  ○ Users remember and target specific locations in an image
  ○ Tolerance area 14x14 pixels
  ○ Vulnerable to hotspots and simple geometric patterns in images
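Added example (not from the original slides): how a cued-recall system can accept clicks inside a 14x14 tolerance square while storing only a hash of the click points. It goes beyond the slide by using centered discretization, a technique the slide does not name; the function names, the five sample click points and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os

TOL = 14        # side of the tolerance square in pixels (value from the slide)
R = TOL // 2    # a login click may be up to 7 px left/up or 6 px right/down of the original


def _cell(coord, offset):
    """Index of the TOL-wide grid cell containing coord, for a grid shifted by offset."""
    return (coord - offset) // TOL


def _digest(salt, cells):
    data = ",".join(f"{cx}:{cy}" for cx, cy in cells).encode()
    # Slow hash: the click-point space is small, so offline guessing must be made expensive.
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000)


def enroll(clicks):
    """Return the record to store: salt, per-click grid offsets (clear), and a hash of the cells."""
    salt = os.urandom(16)
    # Shifting the grid by this offset puts the enrolled click at the centre of its cell.
    offsets = [((x - R) % TOL, (y - R) % TOL) for x, y in clicks]
    cells = [(_cell(x, ox), _cell(y, oy)) for (x, y), (ox, oy) in zip(clicks, offsets)]
    return {"salt": salt, "offsets": offsets, "digest": _digest(salt, cells)}


def verify(record, clicks):
    """True only if every click, in order, falls inside the enrolled click's 14x14 square."""
    if len(clicks) != len(record["offsets"]):
        return False
    cells = [(_cell(x, ox), _cell(y, oy)) for (x, y), (ox, oy) in zip(clicks, record["offsets"])]
    return hmac.compare_digest(_digest(record["salt"], cells), record["digest"])


# Constructed sample: five click points on a hypothetical image.
SECRET = [(120, 45), (300, 210), (57, 199), (410, 88), (233, 301)]
```

The stored offsets reveal each click position only modulo the cell size; the hotspot weakness listed on the slide is unaffected, because it comes from which image locations users choose, not from how the points are stored.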

14 Vulnerabilities are a Usability Problem
• Every developer mistake could be justified as a usability mistake, e.g. misusing C
• SW vulnerabilities are blind spots in developers’ heuristic-based decision-making processes
  - Humans use heuristics (simple computational models) to find feasible (not optimized) solutions quickly due to:
    ○ Limitation of working memory
    ○ Cognitive effort

15 Development Tools Can Help
• Reusable components that accomplish a single task
  - Example: SSL/TLS implementations (e.g. Java, OpenSSL)
• Security information should reach users (app developers) when they need it, on the spot
  - Example: IDEs, text editors, browsers, compilers, etc. bring security information while coding

16 An Example from PGP
• From “Why Johnny Can’t Encrypt”, USENIX 1999 by Whitten et al.
• Advanced technical users failed to encrypt and decrypt their mail using PGP 5.0, even after receiving instruction and practice.
  - The concept of encryption is complex
  - The terminology employed is fundamentally at odds with everyday language (e.g. key, private, public)
• Corroborated by similar studies

17 Usable OpenSSL
• Confusion
• OpenSSL is an open-source implementation of SSL and TLS and a cryptography library, written in C.
  - Easy to use for simple encryption
  - Has become a synonym for “secure”
  - To encrypt the text “I love OpenSSL!” with the AES algorithm using CBC mode and a key of 256 bits that is computed from the password “hello”:
  - To decrypt:

18 Reminders
• End users are humans
• Developers are humans
• Humans have memory limitations
• Humans have cognitive limitations
• If security will complicate the system, humans will probably not use it
• Security designers forget that users are humans, while attackers do not!

