You are on page 1of 34

Usable Security

Presented by:
Rahulkumar Jaiswar
Guided by : Prof. k k Joshi
: Prof. Sowmiya
Raksha

Outline
A Poll
Whats wrong with usable security
thinking
The consequences of unusable security
Lessons from airplane safety
Future Scope
References
Hyperlinks

Whats Wrong With Usable Security


Thinking?

Security
implemente
rs
sometimes
invent the
user instead
of
discoverin
g the user
4

Proper Focus: Fit with Users &


Activity
If you want productive & secure
users
and security is usually the secondary
task

Then you need to understand


Primary user activities
User motivations
User behavior
Impact on bottom line
5

The Consequences of Unusable


Security
Unusable
Security Costs
Money

Unusable
Security Costs
Security
6

Unusable Security Costs Money

Standard Security Thinking:


Users Should Make the Effort
Question: how much? It all adds up:
1. Time spent on security tasks:
authentication, access control,
warnings, security education .
2. Failure: time spent on errors and
error recovery (user and visible
organizational cost)
3. Disruption of primary tasks = re-start
cost
8

Does This Really Help Security?

Time is Money
An hour from each of the USs 180
million online users is worth
approximately US$2.5 billion. A major
error in security thinking has been to
treat users timean extremely valuable
resourceas free.
C Herley, IEEE S&P Jan/Feb 2014
10

Impact on Productivity
Lost Sales
Not a particularly
effective security
measure
Not usable: failure
rate around 40% - so
customers go
elsewhere
CAPTCHAs waste 17
years of human effort
every day
(Pogue, Scientific
American March
2012)
11

Authentication Wall of
Disruption

12

Authentication Hate List


1. Why cant I reuse my old password?
2. Repeated authentication to the same
system (e.g. because of 15 minute timeouts)
3. Authenticating to infrequently used
systems
Difficulty to recall previous password
Password could have expired in the meantime
Resetting a password is not easy

4. Creating a valid password (different rules


for each system)
13

Authentication Hate List


4. Managing a high number of different
credentials
Different policies means strategies for
creating & recalling passwords dont work
Which credentials to use for which system

5. Use of RSA tokens


It's this extra, again, effortful stuff. I have to
dig around in my bag and get the RSA ID
token out and then set it on my laptop and
then type out the number, make sure that
you're not typing it right before changes or
as it's changing or whatever.
14

Impact on Productivity Long-Term


1. User opt out of services, return devices
Improves their productivity, but often reduces
organizational productivity (example: email)
Organization has less control over alternatives

2. Stifling innovation: new opportunities that


would require changes in security
3. Staff leaving organization to be more
productive/creative elsewhere

15

Unusable Security is
Ridiculous

16

Technology Should be Smarter than


This
Move from explicit to implicit authentication:
1. Proximity sensors to detect user presence
2. Behavioural biometrics: zero-effort, onestep, two-factor authentication
3. Exploit modality of interaction: use videobased authentication in video, audio in
audio, etc.
4. Web fingerprinting can identify users why
not use it for good?
17

Green shoots 1
FIDO a commercial
alliance to replace
passwords

www.fido.org

18

Green shoots 2:
Security that supports user goals: Parental controls

Apparently parents didnt much care


But business users loved it!
PayPhrase discontinued in February 2012
Purchase Delegation introduced for business users

19

The Consequences of Unusable


Security
Unusable
Security Costs
Money

Unusable
Security Costs
Security
20

Unusable Security Costs Security!


1. User errors - even when trying to be secure
2. Non-compliance/workarounds to get tasks done
3. Security policies that cannot be followed make
effort seem futile:
It creates a sense of paranoia and fear, which makes
some people throw up their hands and say, theres
nothing to be done about security, and then totally
ignore it.
Expert Round Table IEEE S&P Jan/Feb 2014

21

User Errors When Trying to be Secure


Document
redaction prone
to error
Is the document
really free of
confidential
data?
If not:
Blame the user?
Or look deeper?

22

Noncompliance

Are these legitimate users?


23

You Can Only Ask For So Much

24

Reasons For Non-Compliance


Compliance requires ability and
Cant comply
willingness

Security tasks that are impossible to complete


remove/redesign (security hygiene)
Could comply but wont comply
The cost of security tasks that can be
completed in theory, but require a high level
of effort and/or reduce productivity. Identify
& reduce friction through better design or
better policies
Can comply and do comply
Security tasks that staff routinely comply
with provides examples of what is
workable in a particular environment =
25
template for security

Revocation

Usability and revocation


Who identifies unneeded privileges?
Manager? Employee?
Answer says a lot about the
organization

Demo environment vs. actual


practice
How does that work with 1000

26

Old Security, No Longer


Usable
Entering a complex
password on
touchscreen
keyboard timeconsuming and
error-prone
users look for
passwords that are
easy to enter
severely reduced
password space
27

New Security, Unusable Implementation


Replacing existing 2FA
card with a more
secure one good
Replacing 6-digit
numeric code with 8char alphanumeric
password (valid for 1
minute) not good

28

Impact on Security LongTerm


1. Increased likelihood of security
breaches
2. Noise' created by habitual noncompliance makes malicious behavior
harder to detect
3. Lack of appreciation of and respect for
security creates a bad security culture
4. Frustration can lead to disgruntlement:
intentional malicious behavior - insider
attacks, sabotage
29

Lessons From Airplane Safety


April 26, 1994, Nagoya Japan
Sequence of events on landing:
F/O inadvertently entered GO
AROUND mode
Subsequent crew actions led to stall
Crash killed 264 of 271 on board

Official cause
Crew error

But usability played a key role


Mental model of crew diverged from
actual airplane state
Crew actions reasonable in a
different airplane state

FAA and Aircraft manufacturers


have learned from this!
30

The Path Forward?

31

Future scope
Some organizations dont care
about usability or usable security
Not much to do there
Dangerous invitation to competitors!

Some do care
Q: How to make it happen?
A: High-level commitment
A: Feedback loops
A: Appropriate personnel
32

Models Have to Include the User


Modern aircraft design has critical
role for human factors
The same needs to happen in security

Security is a secondary task


Users are trying to do something else

Modeling human behavior is critical


The user is part of the system
We need to understand how things go
wrong
33

Notions from Fault Tolerance


Error management can be viewed in
terms of
Error avoidance
Error detection
Error recovery

Software engineering is wellacquainted with this approach


already!
But we havent really applied it to
security
34

References
R. Morris and K. Thompson, Password Security: A Case
History, Comm. ACM, vol. 22, no. 11, 1979, pp.594597.
S. Wiedenback et al., Authentication using Graphical
Passwords: Effects of Tolerance and Image Choice, Proc.
Symp. Usable Privacy and Security, ACM Press,2005, pp.
112.
S.N.A. Porter, A Password Extension for Improved Human
Factors, Computers & Security, vol. 1, no. 1, 1982, pp.
5456.
B.F. Barton and M.S. Barton, User-Friendly Password
Methods for Computer-Mediated Information Systems,
Computers & Security, vol. 3, no. 3, 1984, pp. 186195.

35