In Search of Usable Security: Five Lessons from the Field Presentation by 王志誠

In Search of Usable In Search of Usable Security: Five Lessons Security: Five Lessons

from the Fieldfrom the Field

Presentation by Presentation by 王志誠王志誠

OutlineOutline

IntroductionIntroduction A PKI-based (public key A PKI-based (public key

Infrastructure) secure wireless Infrastructure) secure wireless networknetwork

Traditional PKI deploymentTraditional PKI deployment Gesture-directed automatic Gesture-directed automatic

configurationconfiguration Five lessonsFive lessons ConclusionsConclusions

IntroductionIntroduction

Psychological acceptabilityPsychological acceptability HCI design and evaluation HCI design and evaluation

techniques for usabilitytechniques for usability End users struggle to End users struggle to

comprehend the security comprehend the security decisions with they are decisions with they are presentedpresented

IntroductionIntroduction

Often deliberately disclose or Often deliberately disclose or ignore security to get their work ignore security to get their work done – a lack of usabilitydone – a lack of usability

Professionally managed Professionally managed infrastructures such as infrastructures such as corporate firewall protect most corporate firewall protect most of us while at workof us while at work

Mobile devices into home or on Mobile devices into home or on the road? – On Your Ownthe road? – On Your Own

A PKI-based (public key A PKI-based (public key Infrastructure) secure wireless Infrastructure) secure wireless networknetwork EnvironmentEnvironment Palo Alto Research Center Palo Alto Research Center

(PARC)(PARC) 200 users, X.509 certificates200 users, X.509 certificates Use 802.1x Transport Level Use 802.1x Transport Level

Security Authentication of Security Authentication of EAP-TLSEAP-TLS

A PKI-based secure wireless A PKI-based secure wireless networknetwork

PKI deployment is PKI deployment is incomprehensible, complex, and incomprehensible, complex, and unusable.unusable.

Offered to help the Offered to help the administrative staff roll out the administrative staff roll out the PKI to avoid the pitfalls of PKI PKI to avoid the pitfalls of PKI deploymentdeployment

We were wrongWe were wrong

Traditional PKI deploymentTraditional PKI deployment

First VersionFirst Version Manual Setup – 38 steps requiredManual Setup – 38 steps required


38 steps38 steps GUI-based 802.1x config softwaGUI-based 802.1x config softwa

rere Web-based enrollment sysWeb-based enrollment sys 8 subjects (advanced degree in 8 subjects (advanced degree in

CS field)CS field) 140 min to enroll in system140 min to enroll in system


With an elaborate set of With an elaborate set of instructions that detailed each instructions that detailed each stepstep

Most difficult computer taskMost difficult computer task Secured the subjects’ machine Secured the subjects’ machine

for wireless use, it for wireless use, it simultaneously reduces their simultaneously reduces their ability to configure and maintain ability to configure and maintain their own machinestheir own machines


To compensate for its poor user interface, we used a combination of documentation and training to help users enroll in the wireless network.

making it completely infeasible for smaller home or office networks.

Gesture-directed automatic Gesture-directed automatic configurationconfiguration

Lets an average end user join a device to a wireless network using the strongest, PKI-based security standards available, simply, easily, and intuitively

Gesture-directed automatic Gesture-directed automatic configurationconfiguration Second VersionSecond Version


A small setup application take A small setup application take care all of configuration settingscare all of configuration settings

Local-limited channels infrared Local-limited channels infrared devicesdevices

1 min and 39 sec1 min and 39 sec


2 aspects of this design stand o2 aspects of this design stand outut

Gestural user interfaceGestural user interface Intuitive trust modelIntuitive trust model Got much higher marks in user s

atisfaction and confidence

Five lessonsFive lessons

You can’t retrofit usable security

Usability and security – design Usability and security – design into system from the ground upinto system from the ground up

Adding explanatory dialog boxes to a confusing system is not the solution

Only by starting from completely different interaction principles did we manage to build a usable and secure system.


Tools aren’t solutions Recognizing that available techn

ologies are nothing more than tools is only part of this lesson

the other part is appreciating that our current portfolio of available tools is rather incomplete.

Five lessonsFive lessons Mind the upper layers Security is not something to handle o

nly in the lower layers of the networking stack or in the depths of the operating system.

If we design security into all of an application’s layers (in particular, its upper layers),it becomes implicit and hence much more user-friendly.

the security mechanisms an application implements must be compatible with what the user needs to accomplish.

Five lessonsFive lessons Keep your customers satisfie

d Expertise can blind even those

most sensitive to user concerns Support questions usability failures sometimes hide

behind apparent success stories


Think locally, act locally Systems that follow the “think lo

cally” principle are also often easier to deploy, because they don’t require administrators to coordinate with some larger infrastructure or organization

As a result, they can offer greater opportunities for automatic configuration

ConclusionsConclusions

Information security often fails because of the lack of usability

To rectify this situation, we must design systems that are simultaneously usable and secure.

Documents

In Search of Usable Security: Five Lessons from the Field Presentation by 王志誠