Presentation is loading. Please wait.

Presentation is loading. Please wait.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Smart Phones Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura.

Published byLeon Singleton Modified over 9 years ago

Similar presentations

Presentation on theme: "Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Smart Phones Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura."— Presentation transcript:

1 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Smart Phones Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

2 Smart Phones Device-enabled authorization in the Grey system(2005)  Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael K. Reiter, Jason Rouse, Peter Rutenbar Lessons learned from the deployment of a smartphone-based access-control system(2007)  Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, Kami Vaniea Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

3 Introduction Grey is a flexible platform that provides ubiquitous access control to both physical and virtual resources, via smartphones. At the core is a flexible and provably sound authorization framework based on proof- carrying authorization( PCA), extended with a new distributed proving technique that offers significant efficiency and usability advances

4 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Introduction (continued) Delegates authority in a convenient fashion. Relies on cryptographic key management. Also incorporates capture resilience Takes advantage of Bluetooth, cellular data (GPRS), and messaging protocols (SMS and MMS)

5 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech COMPONENTS Graphical Identifiers Capture-Resilient Cryptography Proof-Carrying Authorization

6 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Graphical Identifiers Person  Photograph – less failure-prone Public Key  Two-dimensional barcode of the hash Network Address  Two-dimensional barcode of the address  Circumvent the high-latency of device discovery in Bluetooth

7 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Capture-Resilient Cryptography Protects the phones private key by using a remote capture-protect server User can disable the key if the phone has been lost or can temporarily disable to protect from dictionary attacks Server is an untrusted space  user’s key information is not passed back and forth Decentralized system  each user can use their own server (i.e., desktop computer)

8 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Proof-Carrying Authorization Utilizes formal logic directly in the implementation of the system. Directly manipulates fragments of the logic and represents credentials/proofs of access as constructed in formal logic. Contains an automated theorem prover and checker Client is responsible to prove that access should be granted

9 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech USAGE SCENARIOS

10 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Alice Bob

11 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

12

13

14

15

16

17

18

19 SOFTWARE ARCHITECTURE Graphical User Interfaces Prover Verifier Communication Framework Performance

20 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Graphical User Interfaces Phone  Address Book  Access requests to a resource  Reactive policy creation Computer  Groups  Roles  Policy Creation

21 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Prover Distributed proving  Eager – completely unable to make progress  Lazy - ask for help as soon as he isolates a theorem that someone else might help with

22 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Prover

23 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Verifier Simple, lightweight, and device independent

24 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Communication Framework Support for multiple transport layers Reliable, flexible message routing Light user burden

25 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Communication Framework Application Layer Management Layer Carriers

26 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Performance

27 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech PILOT APPLICATIONS Office Access Windows XP Login

28 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Office Access Enables access to office doors Standard electrical door strike and embedded PC (4.55×3.75×1.70 inches).  Bluetooth and RS-485 relay controller

29 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Windows XP Login

30 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech LESSONS LEARNED

31 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Introduction 9 months and 19 participants Periodic interviews and logs generated by the system Principles of concern:  Usability downfalls  Network effects  New flexibility  End use behavior

32 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Floor Plan

33 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Users Faculty, staff, students in the building 19 users Demographics:  6 CS and ECE  3 Technical Staff  1 Administrative Staff  16 male and 3 female

34 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Procedure Conducted an initial interview Given the phone Basic Instructions Interviewed in a month and then every 4 to 6 weeks  All at desk or conference room

35 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Data One year of data 19,500 Grey and 236,900 total access attempts Video of 70 accesses 30 hours of interview data Resources: 7.4 average (15 max, 2 min) Users: 5.7 average (11 max, 3 min) 18 still use the system

36 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Lessons Learned 1. Perceived speed and convenience are critical to a user’s satisfaction and acceptance 2. A single failure can strongly discourage adoption 3. Users won’t user features they don’t understand 4. Systems that benefit from the network effect are often untenable for small user populations 5. Low overhead for creating and changing policies encourages policy change 6. Unanticipated uses can bolster acceptance

37 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Perceived speed and convenience are critical to a user’s satisfaction and acceptance

38 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech A single failure can strongly discourage adoption Getting locked out caused user to go from 28 system requests to 7 Delegation took so long that users thought it was broken Lent someone their phone

39 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Users won’t user features they don’t understand Passed up more effective ways of delegation for simpler to use

40 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Systems that benefit from the network effect are often untenable for small user populations To really start to be able to do amazing thing you need large user population and installation base

41 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Low overhead for creating and changing policies encourages policy change Role based key policy of students, staff, and faculty Spare and hidden keys Delegation more casual, 11 received access to resource they did not have before Users ideal policy for 95% of access controls

42 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Unanticipated uses can bolster acceptance Could open doors from the inside Satisfying clicking noises the door made

43 Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Discussion Why do technical users behave like non technical users? What access problems does this technology introduce? Is a smart phone the correct device to use? Is there a better distributed server system than desktop computers?

Download ppt "Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Smart Phones Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura."

Similar presentations

웹 서비스 개요.

웹 서비스 개요.
Introduction Why do we need Mobile OGSI.NET? Drawbacks:

Introduction Why do we need Mobile OGSI.NET? Drawbacks:
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
1 Chapter 11: Data Centre Administration Objectives Data Centre Structure Data Centre Structure Data Centre Administration Data Centre Administration Data.

1 Chapter 11: Data Centre Administration Objectives Data Centre Structure Data Centre Structure Data Centre Administration Data Centre Administration Data.
POC Security System High security system combining PIN-on-Card, information security, physical access, control and alarm – all in one system.

POC Security System High security system combining PIN-on-Card, information security, physical access, control and alarm – all in one system.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Multimedia Communications Tejinder Judge Usable Security – CS 6204 – Fall, 2009.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Multimedia Communications Tejinder Judge Usable Security – CS 6204 – Fall, 2009.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Technical Architectures

Technical Architectures
Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.

Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.
Secure Communications … or, the usability of PKI.

Secure Communications … or, the usability of PKI.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Research on access control policy configuration Manya and Shuai.

Research on access control policy configuration Manya and Shuai.
.NET Mobile Application Development Introduction to Mobile and Distributed Applications.

.NET Mobile Application Development Introduction to Mobile and Distributed Applications.
Terminal Services Terminal Services is the modern equivalent of mainframe computing, in which servers perform most of the processing and clients are relatively.

Terminal Services Terminal Services is the modern equivalent of mainframe computing, in which servers perform most of the processing and clients are relatively.
Remote Networking Architectures

Remote Networking Architectures

Similar presentations

Ads by Google