Usable privacy and security researchbridges privacy/security and usability/HCI Usable Privacy&Security/Privacy Usability/HCI SecurityHumans are a secondary Humans are the primary Human factors andconstraint to constraint, security are both primarysecurity/privacy security/privacy rarely constraintsconstraints consideredHumans considered Concerned about human Concerned about bothprimarily in their role as error but not human normal users andadversaries/attackers attackers adversariesInvolves threat models Involves task models, Involves threat models mental models, cognitive AND task models, models mental models, etc.Focus on security Focus on usability Considers usability andmetrics metrics security metrics togetherUser studies rarely done User studies common User studies common, often involve deception + 2 active adversary
User-selected graphical passwords Usable Privacy&Security/Privacy Usability/HCI SecurityWhat is the space of Howdifficult is it for a All the security/privacypossible passwords? user to create, and usability HCI remember, and enter a questionsHow can we make the graphical password?password space larger to How long does it take? How do usersselectmake the password graphical passwords?harder to guess? How hard is it for users How can we help them to learn the system? choose passwordsHow are the stored harder for attackers topasswords secured? Are users motivated to predict? put in effort to createCan an attacker gain good passwords? As the password spaceknowledge by observing increases, what are thea user entering her Is the system accessible impacts on usabilitypassword? using a variety of factors and predictability devices, for users with of human selection?
How can we make secure systemsmore usable?• Make it “just work” – Invisible security – Automation• Make security/privacy understandable – Make it visible – Make it intuitive – Use metaphors that users can relate to – Human-centered design• Train the user 4
Better together• Examining security/privacy and usability together is often critical for achieving either• Examples – Passwords • Users cope with some measures to increase password security by behaving in predictable ways • Some efforts to make passwords easier also make it much easier for an attacker to guess a password – Access control • The way access control settings are visualized in a user interface and the underlying semantics of how rule conflicts are resolved both contribute to users’ ability to configure the system to accurately enforce the desired policy – Privacy tools • Users who misunderstand how to use privacy tools don’t configure them properly • Some simple privacy tools don’t provide much protection 5
References• S. Komanduri, R. Shay, P.G. Kelley, M.L. Mazurek, L. Bauer, N. Christin, L.F. Cranor, and S. Egelman.Ofpasswords and people: Measuring the effect of password-composition policies.CHI 2011.• R.W. Reeder, L. Bauer, L.F. Cranor, M.K. Reiter, and K. Vaniea. More than skin deep: Measuring effects of the underlying model on access-control system usability. CHI 2011.• P.G. Leon, B. Ur, R. Balebako, L.F. Cranor, R. Shay, and Y. Wang. Why Johnny Cant Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising. CHI 2012.See also related papers listed at http://cups.cs.cmu.edu/ 6