Jason I. Hong
Human Computer Interaction, Security, and Privacy
Everyday Security is Important
• People increasingly asked to make trust decisions
  – Open this email attachment?
  – Install and run this software?
  – Enter username and password?
• Consequence of wrong trust decision can be dramatic
  – Spyware
  – Malware (viruses, worms)
  – Identity theft
• But these trust decisions only part of bigger picture of usable privacy and security…
Costs of Unusable Security & Privacy High
• Still lots of unpatched Windows machines
• Phishing web sites increasing by 28% each month
• Lots of PCs infected with spyware
• Users have more passwords than they can remember and practice poor password security
• Enterprises store confidential information on laptops and mobile devices that are frequently lost or stolen
Grand Challenge
“Give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future.”
- Computing Research Association 2003
Good Usability is Key
• Still lots of unpatched Windows machines
• Phishing web sites increasing by 28% each month
• Lots of PCs infected with spyware (avg. = 25)
• Users have more passwords than they can remember and practice poor password security
• Enterprises store confidential information on laptops and mobile devices that are frequently lost or stolen
• Design / implementation failure, but…
• Not man-in-middle
• Not encryption failure
• A lot of people don’t realize you have to keep system up to date
Good Usability is Key
• Still lots of unpatched Windows machines
• Phishing web sites increasing by 28% each month
• Lots of PCs infected with spyware (avg. = 25)
• Users have more passwords than they can remember and practice poor password security
• Enterprises store confidential information on laptops and mobile devices that are frequently lost or stolen
• SSL, email headers, certificates, URLs pretty much all in place
• A lot of people still fall for simple attacks, just straight email
• Don’t realize mail is spoofable
• Can’t differentiate fake sites from real web sites
Main Points of Today’s Talk
• People are a critical and often overlooked aspect of the systems we design
• We need to design systems that mesh well with people’s existing knowledge and abilities
• Otherwise, your security mechanisms will be:
  – Overlooked (leading people to do “the wrong thing”), or
  – Subverted (so people can get their work done)
Outline
• Whirlwind Overview of HCI-Security
  – Passwords
  – File permissions
  – Web
• Design Guidelines
Passwords: Typical Advice
• Pick a hard to guess password
• Don’t use it anywhere else
• Change it often
• Don’t write it down
• Implications?
Solutions?
• Password Keeper Software
  – Run on PC, in web browser, or handheld
  – Only remember one password
• Single sign-on
  – Login once to get access to all your passwords
• PwdHash Web Browser plug-in (Stanford)
  – User only needs to remember one password
  – Automatically hashed by web site
“Forgotten Password” Mechanism
• Email password or magic URL to address on file
• Challenge questions
For all practical purposes, this is the standard way to access infrequently used sites
Summary: Solving the password proliferation problem
• Existing solutions (password keepers and fingerprint readers) let users cope, but still have problems
• Graphical passwords look promising, but more research needed
• Need to think about solutions that eliminate passwords altogether
File Permissions
• Rob Reeder and Roy Maxion (here at CMU)
• Old MS Windows file sharing UI
• Let’s say you wanted to make sure user Alice couldn’t see your files
  – (or let unscrupulous Republican aides see your files)
Salmon User Interface
• Expand file permissions
• (Turns out that in user studies, some people didn’t realize Change Permissions and Take Ownership also had to be changed)
• Still a lot of permissions, perhaps collapse into most important
Salmon User Interface
• Preview effects of permissions before making changes
• Shows effective permissions after merging all user and group permissions
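The two Salmon features above (previewing a change, and showing effective permissions after merging user and group entries), sketched as an added example that is not Salmon's code or part of the original slides. It assumes a simplified rule in which any explicit deny overrides any allow; the permission set, function names and sample data are constructed.

```python
from dataclasses import dataclass

# Simplified permission set (assumption). The last two are the ones the slide
# says some study participants did not realize also had to be changed.
PERMS = ("read", "write", "change_permissions", "take_ownership")

@dataclass(frozen=True)
class Ace:
    principal: str  # user or group name
    perm: str
    allow: bool     # False means an explicit deny entry

def effective(user, groups, acl):
    """Merge the user's own entries with those of every group the user is in.
    Rule modelled here: any explicit deny beats any allow; no entry, no access."""
    who = {user} | set(groups.get(user, ()))
    out = {}
    for perm in PERMS:
        hits = [a for a in acl if a.perm == perm and a.principal in who]
        out[perm] = bool(hits) and all(a.allow for a in hits)
    return out

def preview(user, groups, acl, proposed):
    """Return {perm: (before, after)} for permissions the proposed entries change."""
    before = effective(user, groups, acl)
    after = effective(user, groups, acl + list(proposed))
    return {p: (before[p], after[p]) for p in PERMS if before[p] != after[p]}

def regain_paths(user, groups, acl):
    """Permissions that would let a user who is denied read grant it back."""
    eff = effective(user, groups, acl)
    if eff["read"]:
        return []
    return [p for p in ("change_permissions", "take_ownership") if eff[p]]

# Constructed sample data: alice gets every permission through the Staff group.
GROUPS = {"alice": ["Staff"]}
ACL = [Ace("Staff", p, True) for p in PERMS]
DENY_READ = [Ace("alice", "read", False)]

if __name__ == "__main__":
    print(preview("alice", GROUPS, ACL, DENY_READ))
    print(regain_paths("alice", GROUPS, ACL + DENY_READ))
```

Denying only read leaves both overlooked permissions in place, which is the gap a preview of effective permissions makes visible before the change is committed.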
Kazaa File Sharing Study
• Good and Krekelberg, CHI 2003
• Given an arbitrary setup of Kazaa, would people be able to understand what files could in theory be downloaded by others?
Kazaa File Sharing Study
• Three main problems with Kazaa UI
  – Downloaded files folder is also shared folder
    • Users have to realize this, or very bad things happen
Kazaa File Sharing Study
• Three main problems with Kazaa UI
  – Downloaded files folder is also shared folder
  – Kazaa recursively shares folders
    • Again, users have to know this beforehand
Kazaa File Sharing Study
• Three main problems with Kazaa UI
  – Downloaded files folder is also shared folder
  – Kazaa recursively shares folders
  – Inconsistent views
    • Two UIs for doing similar tasks, but show different information about state of system
Kazaa File Sharing Study
• 12 users, 10 had used file sharing before
• Figure out what files are being shared by Kazaa
  – Download files set to C:\ (i.e., all files on hard drive C:)
• Results
  – 5 people thought it was “My Shared Folder”
    • which one UI did suggest
  – 2 people used Find Files to find all shared files
    • This UI had no files checked, thus no files shared?
  – 2 people used help, said “My Shared Folder”
  – 1 person couldn’t figure it out at all
  – Only 2 people got it right
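A small model of the study setup, added here as an example and not taken from the slides or from Kazaa: it treats the download folder as the shared folder, shares it recursively, and lists what is exposed beyond the "My Shared Folder" that most participants named. The file names and the temporary directory standing in for C:\ are constructed.

```python
import tempfile
from pathlib import Path

BELIEVED = "My Shared Folder"  # what most study participants thought was shared

# Constructed sample tree standing in for drive C:
SAMPLE = [
    "My Shared Folder/song.mp3",
    "Documents/taxes-2003.xls",
    "Mail/inbox.dbx",
]

def shared_files(download_dir):
    """Behaviour described on the slides: the download folder is also the
    shared folder, and every sub-folder below it is shared recursively."""
    root = Path(download_dir)
    return sorted(p.relative_to(root).as_posix()
                  for p in root.rglob("*") if p.is_file())

def unexpected_exposure(download_dir):
    """Files that are shared although they sit outside the folder the
    user believes is the only shared one."""
    prefix = BELIEVED + "/"
    return [f for f in shared_files(download_dir) if not f.startswith(prefix)]

def demo():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as drive:
        for rel in SAMPLE:
            path = Path(drive) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("constructed sample file")
        return shared_files(drive), unexpected_exposure(drive)

if __name__ == "__main__":
    shared, unexpected = demo()
    print("actually shared:", shared)
    print("shared but not expected:", unexpected)
```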
Summary: File Sharing
• Understanding what is and isn’t being shared is difficult
  – But can lead to bad situations
  – Need to make an “invisible” aspect of system “visible”
• Need to make controls simple
• Need to provide useful feedback
• More on this in the Design part of talk…
Outline
• Whirlwind Overview of HCI-Security
  – Passwords
  – File permissions
  – Web
• Design Guidelines
User Conceptions of Web Security
• Friedman et al., CHI 2003
• What do people think the lock icon in browsers means?
• Survey of 72 people
  – 24 rural Maine
  – 24 suburban NJ
  – 24 high-tech CA
User Conceptions of Web Security
• Recognize a secure connection vs non-secure
  – About half could (https, lock icon)
• Participants asked to draw a secure connection
  – ~40% got a “right” answer
  – 14% people thought of it as a secure place vs secure in transit
    • Ex. Data safe on server and protected by firewall
• High-tech people not always accurate
Web Cookies
• Cookies are small pieces of data for tracking
  – Session state, personalization, etc
• Can also be potential privacy risk
  – DoubleClick, web image bugs
• Public understanding of cookies and implications slowly growing
Summary: Web
• Users’ conceptions of security don’t always match system designers’
• Current browser cookie interfaces still don’t make sense to users
• New approaches should be explored and tested
  – Make cookies more visible
  – Use community recommendations to manage cookies
Outline
• Whirlwind Overview of HCI-Security
  – Passwords
  – File permissions
  – Web
• Design Guidelines
Design Guidelines
• Whole courses you can take
• Two parts today:
  – General human-computer interaction (most)
  – Specific to HCI-security (unfortunately short)
HCI Approach to UI Design
[Diagram labels: Design; Organizational & Social Issues; Technology; Humans; Tasks]
• Other considerations we won’t look at
  – Business models, level of fun
Myths about Good Design
• Myth 1: Good design is just common sense
  – why are there so many bad web sites? hard to use apps?
• Myth 2: Only experts create good designs
  – experts faster, this course is on simple and effective techniques anyone can apply
• Myth 3: We can fix the user interface at the end
  – good design is more than just user interface
  – having right features, building those features right
• Myth 4: Good design takes too long / costs too much
  – simple and effective techniques that can reduce total development time & cost (finds problems early on)
Myths about Good Design (cont.)
• Myth 5: Good design is just cool graphics
  – graphics part of bigger picture of what to communicate & how
• Myth 6: Customers can rely on documentation & help
  – help is the last resort of a frustrated customer
• Myth 7: Marketing takes care of understanding customer needs
  – does not help you understand behavior
  – what people say vs. what they do and what they actually need
• Myth 8: Quality Assurance ensures our product works
  – QA makes sure product meets specification, not what happens w/ real customers on real problems
Who Builds User Interfaces?
• A team of specialists (ideally)
  – graphic designers
  – interaction / interface designers
  – information architects
  – technical writers
  – marketers
  – test engineers
  – usability engineers
  – software engineers
  – users
How to Design and Build UIs
• User interface design process
• Usability goals
• User-centered design
• Task analysis & contextual inquiry
• Rapid prototyping
• Evaluation
• Programming
User Interface Development Process
[Diagram, based on slide by Sara Redpath, IBM & Thyra Trauch, Tivoli. Labels recovered from the figure:]
• Stages: Design Discovery, Design Exploration, Evaluate, Execute
• Review & Iterate
• Customers, Products, Business, Marketing (shown three times)
• Inputs
  – Customers: Roles (Who), Tasks (What), Context (Stories)
  – Marketing: Business Priorities, Messages
  – Technology: Products, Architecture
  – Design: Leading/competing technologies
• Design Definition: Design Problem Statement, Targeted User Roles (Who), Targeted User Tasks (What), Design Direction Statements
• Proposal: Demos/Lo Fi Prototypes (How)
• Storyboard
• Evaluate with Customers
• Specification: Hi Fidelity, Refined Design
  – Based on customer feedback
  – Foundation in product reality
  – Refined Design description
• Work together to realize the design in detail.
Design
• Design is driven by requirements
  – what the artifact is for
  – not how it is to be implemented
  – e.g., PDA not as important as “mobile” app.
• A design represents the artifact
  – for UIs these representations include (?)
    • screen sketches or storyboards
    • flow diagrams/outline showing task structure
    • executable prototypes
  – representations simplify

Write essay
  start word processor
  write outline
  fill out outline
Start word processor
  find word processor icon
  double click on icon
Write outline
  write down high-level ideas
  ...
Usability Goals?
According to the ISO:
The effectiveness, efficiency, and satisfaction with which specified users achieve specified goals in particular environments
• This does not mean you have to create a “dry” design or something that is only good for novices – it all depends on your goals
Usability Goals
  – Learnable
    • faster the 2nd time & so on
  – Memorable
    • from session to session
  – Flexible
    • multiple ways to accomplish tasks
  – Efficient
    • perform tasks quickly
  – Robust
    • minimal error rates
    • good feedback so user can recover
  – Pleasing
    • high user satisfaction
  – Fun
• Set goals early & later use to measure progress
• Goals often have tradeoffs, so prioritize
• Example goals
User-centered Design
• Cognitive abilities
  – perception
  – physical manipulation
  – memory
• Organizational / job abilities
• Keep users involved throughout
  – developers working with target users
  – think of the world in users’ terms
  – understanding work process
  – not technology-centered/feature driven
• Observe existing work practices
• Create examples and scenarios of actual use
• “Try-out” new ideas before building software
?
Task Analysis & Contextual Inquiry
Rapid Prototyping
• Build a mock-up of design so you can quickly test
• Low fidelity techniques
  – paper sketches
  – cut, copy, paste
• Interactive prototyping tools
  – HTML, Visual Basic, HyperCard, Director, Flash, DENIM, etc.
• UI builders
  – Visual Studio .NET, JBuilder…
Evaluation
• Test with real users (participants)
  – w/ interactive prototype
  – low-fi with paper “computer”
• Build models
  – GOMS
• Low-cost techniques
  – expert evaluation
  – walkthroughs
  – online testing
Conceptual Models
• Mental representation of how object works & how interface controls affect it
• People may have preconceived models that are hard to change
  – (4 + 5) vs. (4 5 +)
  – dragging to trash?
    • delete file but eject disk
• Interface must communicate model
  – visually
  – online help and documentation can help, but shouldn’t be necessary
Refrigerator Controls
What is your conceptual model?
Normal Settings: C and 5
Colder Fresh Food: C and 6-7
Coldest Fresh Food: B and 8-9
Colder Freezer: D and 7-8
Warmer Fresh Food: C and 4-1
OFF (both): 0
[Controls: A B C D E and 7 6 5 4 3]
• Now can you fix the problem?
• Possible solutions
  – make controls map to user’s model
  – make controls map to actual system
[Diagram: controls 7 6 5 4 3 and A B C D E, cooling unit]
Actual Conceptual Model
• Users get model from experience & usage
  – through system image
• What if the two models don’t match?
[Diagram labels: Design Model; User Model; System Image]
Design Model & User Model
Conceptual Model Mismatch
• Mismatch between designer’s & user’s conceptual model leads to…
  – Slow performance
  – Errors
    • And inability to recover
  – Frustration
  – ...
HCI-Security
• Make it “just work”
  – Invisible security
  – Ex. SSL, HTTPS
• Train the user
  – Ex. Corporate training, military
  – Unlikely for consumers, however
• Make security and privacy understandable
  – Make it visible
  – Make it intuitive
  – Use metaphors that users can relate to
HCI-Security
• Developers should not expect users to make decisions they themselves can’t make
1. Get the defaults right
2. “Present choices, not dilemmas”
   – Chris Nodder (in charge of user experience for XP SP2)
Firefox security assumptions
1. Users want to believe that their products are keeping them secure.
2. Users do not want to be responsible for, nor concern themselves with, their own security.
3. We know more about security than our users do.
- Blake Ross
Optimistic vs Pessimistic Security
• Pessimistic Security tries to prevent problems
  – Ex. Access control lists
  – Basically anything that needs lots of configuration up front
• Optimistic Security tries to detect problems and fix afterwards
  – Ex. Emergency rooms
  – Ex. Some help desks
  – Ex. AT&T Friend Finder
• Depends on your goals, needs, and risks
Main Points of Today’s Talk
• People are a critical and often overlooked aspect of the systems we design
• We need to design systems that mesh well with people’s existing knowledge and abilities
• Otherwise, your security mechanisms will be:
  – Overlooked (leading people to do “the wrong thing”), or
  – Subverted (so people can get their work done)
General HCI: Empathy
• Let’s say you’re an engineer
• Developed a great VCR
  – Uber-remote control
  – High fidelity
  – The whole works!
• However, complaints start coming in…
  – Can’t figure out how to record something
  – Can’t figure out how to view TV channels when VCR on
  – Can’t figure out how to change clock time
• Natural engineer reaction?
They must be stupid!
General HCI: Empathy
• Suppress this, and see things from their point of view
• Slashdot, help desk jokes, etc
  – Naïve users
  – Naïve brain surgeon?
• We are designing systems for people
• We want to see our systems succeed
• Can be painful process, but empathy and respect for users necessary to good design