1 / 49

User Studies Motivation

User Studies Motivation. January 30, 2007. How do we know whether security is usable?. Need to observe users. We are not our users! (you may be surprised by what users really do). Wireless privacy study. Many users unaware that communications over wireless computer networks are not private

evette
Download Presentation

User Studies Motivation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. User Studies Motivation January 30, 2007

  2. How do we know whether security is usable?

  3. Need to observe users • We are not our users! • (you may be surprised by what users really do)

  4. Wireless privacy study • Many users unaware that communications over wireless computer networks are not private • How can we raise awareness? B. Kowitz and L. Cranor. Peripheral Privacy Notifications for Wireless Networks. In Proceedings of the 2005 Workshop on Privacy in the Electronic Society, 7 November 2005, Alexandria, VA.

  5. Wall of sheep

  6. Defcon 2001 Photo credit: Kyoorius @ techfreakz.org http://www.techfreakz.org/defcon10/?slide=38

  7. Defcon 2004 Photo credit: http://www.timekiller.org/gallery/DefconXII/photo0003

  8. Peripheral display • Help users form more accurate expectations of privacy • Without making the problem worse

  9. Experimental trial • Eleven subjects in student workspace • Data collected by survey and traffic analysis • Did they refine their expectations of privacy?

  10. Results • No change in behavior • Peripheral display raised privacy awareness in student workspace • But they didn’t really get it

  11. Privacy awareness increased “I feel like my information /activity / privacy are not being protected …. seems like someone can monitor or get my information from my computer, or even publish them.”

  12. But only while the display was on “Now that words [projected on the wall] are gone, I'll go back to the same.”

  13. Security and privacy indicators

  14. Evaluating indicators • Case study: Privacy Bird

  15. Platform for Privacy Preferences (P3P) • 2002 W3C Recommendation • XML format for Web privacy policies • Protocol enables clients to locate and fetch policies from servers

  16. Privacy Bird • P3P user agent • Free download http://privacybird.org/ • Compares user preferences with P3P policies

  17. Security people Can attackers spoof it? What if P3P policy contains lies? Can P3P policies be digitally signed? What about main-in-the-middle attacks? Usability people Green/red color blind problem Do people notice it in corner of browser? Do people understand privacy implications? Why a bird? Critique Privacy Bird

  18. Typical securityevaluation

  19. Does it behave correctly when not under attack? • No false positives or false negatives

  20. Anti-phishing tools • Y. Zhange, S. Egelman, L. Cranor, and J. Hong. Phinding Phish: Evaluating Anti-Phishing Tools. In Proceedings of NSSS 2006, forthcoming.

  21. Does it behave correctly when under attack? • Can attackers cause wrong indicator to appear?

  22. Correct indicator Wrongindicator AttackerredirectsthroughCDN

  23. Can it be spoofed or obscured? • Can attacker provide indicator users will rely on instead of real indicator?

  24. Usability evaluation

  25. Communication-Human Information Processing (C-HIP) Model Wogalter, M. 2006. Communication-Human Information Processing (C-HIP) Model. In Wogalter, M., ed., Handbook of Warnings. Lawrence Erlbaum Associates, Mahwah, NJ, 51-61. C-HIP Model

  26. Do users notice it? • If users don’t notice indicator all bets are off • “What lock icon?” • Few users notice lock icon in browser chrome, https, etc. • C-HIP model: Attention switch, attention maintenance

  27. Do users know what it means? Web browser lock icon: “I think that it means secured, it symbolizes some kind of security, somehow.” Web browser security pop-up: “Yeah, like the certificate has expired. I don’t actually know what that means.” • C-HIP Model: Comprehension/Memory J. Downs, M. Holbrook, and L. Cranor. Decision Strategies and Susceptibility to Phishing. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA.

  28. Cookie flag IE6 cookie flag Firefox SSL icon Netscape SSL icons

  29. Privacy Bird icons Privacy policymatches user’sprivacy preferences Privacy policydoes not match user’s privacy preferences

  30. Do users know what to do when they see it? • C-HIP Model: Comprehension/Memory

  31. Do users believe the indicator? “Oh yeah, I have [seen warnings], but funny thing is I get them when I visit my [school] websites, so I get told that this may not be secure or something, but it’s my school website so I feel pretty good about it.” • C-HIP Model: Attitudes/Beliefs

  32. Are users motivated to take action? • May view risk as minimal • May find recommended action too inconvenient or difficult • C-HIP Model: Motivation

  33. Do they actually do it? “I would probably experience some brief, vague sense of unease and close the box and go about my business.” • C-HIP Model: Behavior

  34. Do they keep doing it? • Difficult to measure in laboratory setting • Need to collect data on users in natural environment over extended period of time • C-HIP Model: Behavior

  35. How does it interact with other indicators? • Indicator overload?

  36. Summary: Security evaluation • Does indicator behave correctly when not under attack? • No false positives or false negatives • Does indicator behave correctly when under attack? • Can attackers cause wrong indicator to appear? • Can indicator be spoofed or obscured? • Can attacker provide indicator users will rely on instead of real indicator?

  37. Do users notice it? Do they know what it means? Do they know what they are supposed to do when they see it? Do they believe it? Are they motivated to do it? Will they actually do it? Will they keep doing it? How does it interact with other indicators? Summary: Usability evaluation

More Related