270 likes | 319 Views
Usable Security (unusable security ain’t secure). Jeff Offutt http://www.cs.gmu.edu/~ offutt / SWE 632 User Interface Design and Development. Based on slides from Paul Ammann Keynote talk at SECTEST 2014 (with liberal help from Angela Sasse of UCL). Outline. A Poll
E N D
Usable Security(unusable security ain’t secure) Jeff Offutt http://www.cs.gmu.edu/~offutt/ SWE 632 User Interface Design and Development Based on slides from Paul Ammann Keynote talk at SECTEST 2014 (with liberal help from Angela Sasseof UCL)
Outline A Poll Consequences of unusable security Myths about usable security The path forward
A Poll • How many of you : • Agree ? • Disagree ? I hope you will all disagree by the time I finish today
Outline A Poll Consequences of unusable security Myths about usable security The path forward
Standard Security Thinking: “Users Should Make the Effort” “An hour from each of the US’s 180 million online users is worth approximately US$2.5 billion. A major error in security thinking has been to treat users’ time—an extremely valuable resource—as free.” C. Herley, IEEE S&P Jan/Feb 2014
Productivity Impact – Lost Sales Not a particularly effective security measure Not usable: failure rate around 40% — so customers go elsewhere “CAPTCHAs waste 17 years of human effort every day” (Pogue, Scientific American March 2012)
Password Recovery “A significant percentage of users use the password recovery system every time they log in to their bank account” — Security executive at a major bank
“Through 20 years of effort, we've successfully trained everyone to design passwords that are hard for humans to remember, but easy for computers to guess.”
Unusable Security Costs Security • User errors — even when trying to be secure • Non-compliance and workarounds to get tasks done • Security policies that cannot be followed make effort seem futile: “It creates a sense of paranoia and fear, which makes some people throw up their hands and say, `there’s nothing to be done about security,’ and then totally ignore it.” Expert Round Table IEEE S&P Jan/Feb 2014
Noncompliance Are these legitimate users?
Classification of Errors (Norman) • Slips • Goal is correct • But execution is flawed • Mistakes • Goal is wrong • Attacks • Goal is immoral, anti-social, or illegal User errors≠ security attacks Don’t treat legitimate users like criminals
Impact on Security – Long-Term • Increased likelihood of security breaches • “Noise” created by habitual non-compliance makes malicious behavior harder to detect • Lack of appreciation of and respect for security creates a bad security culture • Frustration can lead to disgruntlement: intentional malicious behavior — insider attacks, sabotage
Outline A Poll Consequences of unusable security Myths about usable security The path forward
Beliefs of Usable Security These are based on a survey of security and usability professionals at several companies Belief 1 Software engineers and security experts understand usability Belief 2 Usability is the same as user interface design Belief 3 Usability is a luxury, not a necessity
Myths of Usable Security These are based on a survey of security and usability professionals at several companies Belief 1 Software engineers and security experts understand usability Myth 1 Software engineers and security experts understand usability Belief 2 Usability is the same as user interface design Myth 2 Usability is the same as user interface design Belief 3 Usability is a luxury, not a necessity Myth 3 Usability is a luxury, not a necessity
Beliefs of Usable Security (2) Belief 4 Making access more difficult for legitimate users also makes access more difficult for illegitimate users Belief 5 Usability and security conflict with each other Belief 6 The right process will lead to usable security
Myths of Usable Security (2) Belief 4 Making access more difficult for legitimate users also makes access more difficult for illegitimate users Myth 4 Making access more difficult for legitimate users also makes access more difficult for illegitimate users Belief 5 Usability and security conflict with each other Myth 5 Usability and security conflict with each other Belief 6 The right process will lead to usable security Myth 6 The right process will lead to usable security
The Cost Confusion Low usable security Death Zone Cost for authorized users Our goal is to drive this down Sweet Spot High usable security Cost for unauthorized users
Outline A Poll Consequences of unusable security Myths about usable security The path forward
Pain and Consequences Executive Programmers ? Purchasing ? Designers Users pain
Pain and Consequences Executive Programmers Achieving usable security requires a pain-path from the users to the designers Purchasing Designers Users pain
Technology Should be Smarter Move from explicit to implicit authentication: • Proximitysensors • Car key fobs • Bio-metrics • Thumbprints, facial recognition, etc. • Web fingerprinting • Two-factor authentication
Summary Security can only be achieved by designing security systems that are usable Unusable security ain’t secure