Bootstrapping Ubicomp

Human Computer Interaction, Security, and Privacy

Jason I. Hong
Everyday Security Problems
Everyday Security is Important

•   People increasingly asked to make trust decisions
    – Open this email attachment?
    – Install and run this software?
    – Enter username and password?

•   Consequence of wrong trust decision can be dramatic
    – Spyware
    – Malware (viruses, worms)
    – Identity theft



•   But these trust decisions only part of
    bigger picture of usable privacy and security…
Costs of Unusable Security & Privacy High

 •   Still lots of unpatched Windows machines
 •   Phishing web sites increasing by 28% each month
 •   Lots of PCs infected with spyware
 •   Users have more passwords than they can remember
     and practice poor password security
 •   Enterprises store confidential information on laptops
     and mobile devices that are frequently lost or stolen
Grand Challenge

“Give end-users
 security controls they can understand
 and privacy they can control for
 the dynamic, pervasive computing
 environments of the future.”
         - Computing Research Association 2003
Good Usability is Key

•   Still lots of unpatched Windows machines
•   Phishing web sites increasing by 28% each month
•   Lots of PCs infected with spyware (avg. = 25)
•   Users have more passwords than they can remember
    and practice poor password security
•   Enterprises store confidential information on laptops
    and mobile devices that are frequently lost or stolen

    • Design / implementation failure, but…
    • Not man-in-middle
    • Not encryption failure
    • A lot of people don’t realize you have to keep system up to date
Good Usability is Key

•   Still lots of unpatched Windows machines
•   Phishing web sites increasing by 28% each month
•   Lots of PCs infected with spyware (avg. = 25)
•   Users have more passwords than they can remember
    and practice poor password security
•   Enterprises store confidential information on laptops
    and mobile devices that are frequently lost or stolen

    • SSL, email headers, certificates, URLs pretty much all in place
    • A lot of people still fall for simple attacks, just straight email
       • Don’t realize mail is spoofable
       • Can’t differentiate fake sites from real web sites
Main Points of Today’s Talk

•   People are a critical and often overlooked aspect of
    the systems we design

•   We need to design systems that mesh well with
    people’s existing knowledge and abilities

•   Otherwise, your security mechanisms will be:
    – Overlooked (leading people to do “the wrong thing”), or
    – Subverted (so people can get their work done)
Outline

•   Whirlwind Overview of HCI-Security
    – Passwords
    – File permissions
    – Web
•   Design Guidelines
Passwords
Typical Advice


•   Pick a hard to guess password
•   Don’t use it anywhere else
•   Change it often
•   Don’t write it down

•   Implications?
Many Homes and Offices
Solutions?

•   Password Keeper Software
    – Run on PC, in web browser, or handheld
    – Only remember one password


•   Single sign-on
    – Login once to get access to all your passwords


•   PwdHash Web Browser plug-in (Stanford)
    – User only needs to remember one password
    – Automatically hashed by web site
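
The idea behind a per-site password hash, as an added sketch that is not PwdHash's own code or algorithm: one master password is combined with the site's host name, so a look-alike phishing host receives a different password. PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample hosts are assumptions made for this illustration.

```python
import base64
import hashlib
from urllib.parse import urlsplit

ITERATIONS = 100_000  # assumed work factor for this sketch


def site_key(url: str) -> str:
    """Return the lower-cased host name the derived password is bound to.

    This sketch binds to the full host name; a real tool has to decide
    how to treat subdomains of the same site.
    """
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return host


def site_password(master: str, url: str, length: int = 16) -> str:
    """Derive a per-site password from the master password and the host."""
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode("utf-8"), site_key(url).encode("utf-8"), ITERATIONS
    )
    # URL-safe base64 keeps the result typeable; truncate to the wanted length.
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


def compare(master: str, real_url: str, other_url: str) -> bool:
    """True when both URLs would receive the same derived password."""
    return site_password(master, real_url) == site_password(master, other_url)


if __name__ == "__main__":
    master = "one master password"            # constructed sample value
    real = "https://bank.example/login"       # constructed sample hosts
    fake = "https://bank.example.evil.test/login"
    print("same site, other page :", compare(master, real, "https://bank.example/pay"))
    print("look-alike phishing host:", compare(master, real, fake))
```

The user still types one password everywhere, but what a fake site captures is useless at the real one.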
Biometrics
Graphical Passwords
“Forgotten Password” Mechanism

•   Email password or magic URL to address on file
•   Challenge questions

For all practical purposes, this is the standard way to access
infrequently used sites
Summary: Solving the password
proliferation problem

•   Existing solutions (password keepers and fingerprint
    readers) let users cope, but still have problems
•   Graphical passwords look promising, but more
    research needed
•   Need to think about solutions that eliminate
    passwords altogether
    File Permissions

•   Rob Reeder and Roy Maxion
    (here at CMU)

•   Old MS Windows file sharing
    UI

•   Let’s say you wanted to make
    sure user Alice couldn’t see
    your files
    – (or let unscrupulous Republican
      aides see your files)
Steps to Do Check Permissions
Salmon User Interface


       • Add users you are interested in
       seeing or modifying permissions for
Salmon User Interface




        • Expand file permissions
        • (Turns out that in user studies, some
        people didn’t realize Change
        Permissions and Take Ownership also
        had to be changed)
        • Still a lot of permissions, perhaps
        collapse into most important
Salmon User Interface
         • Preview effects of permissions before
         making changes
         • Shows effective permissions after
         merging all user and group permissions
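
An added example (not code from Salmon or the study) of the two ideas on this slide: merging user and group entries into effective permissions, and previewing a change before applying it. It assumes a simplified model in which any matching deny overrides any allow; the names, groups and ACL entries are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    principal: str                   # user or group the entry applies to
    allow: frozenset = frozenset()   # permissions granted
    deny: frozenset = frozenset()    # permissions explicitly denied


def effective(user, groups_of, acl):
    """Merge every entry that applies to the user; a deny beats any allow."""
    principals = {user} | set(groups_of.get(user, ()))
    allowed, denied = set(), set()
    for entry in acl:
        if entry.principal in principals:
            allowed |= entry.allow
            denied |= entry.deny
    return frozenset(allowed - denied)


def preview(user, groups_of, current_acl, proposed_acl):
    """Show what a proposed ACL would change for one user before applying it."""
    before = effective(user, groups_of, current_acl)
    after = effective(user, groups_of, proposed_acl)
    return {"before": before, "after": after,
            "gained": after - before, "lost": before - after}


# Constructed sample data: Alice and Bob are both members of group Staff.
GROUPS = {"alice": {"Staff"}, "bob": {"Staff"}}
CURRENT = [
    Entry("alice", allow=frozenset({"read", "write"})),
    Entry("Staff", allow=frozenset({"read"})),
]
# Attempt 1: delete Alice's own entry. She still reads through Staff.
REMOVE_ALICE = [e for e in CURRENT if e.principal != "alice"]
# Attempt 2: keep the group entry and add an explicit deny for Alice.
DENY_ALICE = REMOVE_ALICE + [Entry("alice", deny=frozenset({"read", "write"}))]

if __name__ == "__main__":
    for name, acl in (("remove entry", REMOVE_ALICE), ("explicit deny", DENY_ALICE)):
        result = preview("alice", GROUPS, CURRENT, acl)
        print(f"{name}: after={sorted(result['after'])} lost={sorted(result['lost'])}")
```

The first attempt looks right in a per-entry view but leaves Alice able to read, which is the kind of mistake a preview of effective permissions exposes.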
Kazaa File Sharing Study

•   Good and Krekelberg, CHI 2003
•   Given an arbitrary setup of Kazaa, would people
    be able to understand what files could in theory be
    downloaded by others?
Kazaa File Sharing Study

•   Three main problems with Kazaa UI
    – Any guesses?
Kazaa File Sharing Study

•   Three main problems with Kazaa UI
    – Downloaded files folder is also shared folder
      •  Users have to realize this, or very bad things happen
    – Kazaa recursively shares folders
      •  Again, users have to know this beforehand
    – Inconsistent views
      •  Two UIs for doing similar tasks, but show different
         information about state of system
Kazaa File Sharing Study

•   12 users, 10 had used file sharing before
•   Figure out what files are being shared by Kazaa
    – Download files set to C:\   (i.e., all files on hard drive C:)

•   Results
    – 5 people thought it was “My Shared Folder”
       • which one UI did suggest
    – 2 people used Find Files to find all shared files
       • This UI had no files checked, thus no files shared?
    – 2 people used help, said “My Shared Folder”
    – 1 person couldn’t figure it out at all
    – Only 2 people got it right
Summary: File Sharing

•   Understanding what is and isn’t being shared is
    difficult
    – But can lead to bad situations
    – Need to make an “invisible” aspect of system “visible”


•   Need to make controls simple
•   Need to provide useful feedback

•   More on this in the Design part of talk…
Outline

•   Whirlwind Overview of HCI-Security
    – Passwords
    – File permissions
    – Web
•   Design Guidelines
User Conceptions of Web Security

•   Friedman et al., CHI 2003
•   What do people think the lock icon in browsers means?

•   Survey of 72 people
    – 24 rural Maine
    – 24 suburban NJ
    – 24 high-tech CA
User Conceptions of Web Security

•   Recognize a secure connection vs non-secure
    – About half could (https, lock icon)


•   Participants asked to draw a secure connection
    – ~40% got a “right” answer
    – 14% of people thought of it as a secure place vs
      secure in transit
       • Ex. Data safe on server and protected by firewall



•   High-tech people not always accurate
Web Cookies

•   Cookies are small pieces of data for tracking
    – Session state, personalization, etc


•   Can also be potential privacy risk
    – DoubleClick, web image bugs


•   Public understanding of cookies and implications
    slowly growing
Providing Better Awareness
Acumen Collaborative Filtering
Summary: Web

•   Users’ conceptions of security don’t always match
    system designers’

•   Current browser cookie interfaces still don’t make
    sense to users
•   New approaches should be explored and tested
    – Make cookies more visible
    – Use community recommendations to manage cookies
Outline

•   Whirlwind Overview of HCI-Security
    – Passwords
    – File permissions
    – Web
•   Design Guidelines
Design Guidelines

•   Whole courses you can take

•   Two parts today:
    – General human-computer interaction (most)
    – Specific to hci-security (unfortunately short)
HCI Approach to UI Design

[Diagram: Design at the center, surrounded by Tasks, Organizational & Social Issues, Technology, and Humans]

•   Other considerations we won’t look at
    – Business models, level of fun
    Myths about Good Design
•   Myth 1: Good design is just common sense
     – why are there so many bad web sites? hard to use apps?
•   Myth 2: Only experts create good designs
     – experts faster, this course is on simple and effective
       techniques anyone can apply
•   Myth 3: We can fix the user interface at the end
     – good design is more than just user interface
     – having right features, building those features right
•   Myth 4: Good design takes too long / costs too much
     – simple and effective techniques that can reduce total
       development time & cost (finds problems early on)
    Myths about Good Design (cont.)
•   Myth 5: Good design is just cool graphics
     – graphics part of bigger picture of what to communicate & how
•   Myth 6: Customers can rely on documentation & help
     – help is the last resort of a frustrated customer
•   Myth 7: Marketing takes care of understanding
    customer needs
     – does not help you understand behavior
     – what people say vs. what they do and what they actually need
•   Myth 8: Quality Assurance ensures our product works
     – QA makes sure product meets specification, not what happens
       w/ real customers on real problems
Who Builds User Interfaces?

•   A team of specialists (ideally)
    –   graphic designers
    –   interaction / interface designers
    –   information architects
    –   technical writers
    –   marketers
    –   test engineers
    –   usability engineers
    –   software engineers
    –   users
How to Design and Build UIs

•   User interface design process
•   Usability goals
•   User-centered design
•   Task analysis & contextual inquiry
•   Rapid prototyping
•   Evaluation
•   Programming
User Interface Development Process

[Process diagram: Design Discovery → Design Exploration → Evaluate → Execute, with "Customers, Products, Business, Marketing" shown above the stages]

•   Design Discovery
    – Customers: Roles (Who), Tasks (What), Context (Stories)
    – Marketing: Business Priorities, Messages
    – Technology: Products, Architecture
    – Design: Leading/competing technologies
•   Design Exploration
    – Storyboard
•   Evaluate
    – Review & Iterate
•   Execute
    – Work together to realize the design in detail
    – Evaluate with Customers

•   Design Definition:
    – Design Problem Statement
    – Targeted User Roles (Who)
    – Targeted User Tasks (What)
    – Design Direction Statements
•   Proposal:
    – Demos / Lo Fi Prototypes (How)
•   Specification:
    – Hi Fidelity, Refined Design
    – Based on customer feedback
    – Foundation in product reality
    – Refined Design description

based on slide by Sara Redpath, IBM & Thyra Trauch, Tivoli
Iteration

At every stage!

[Diagram: cycle of Design, Prototype, Evaluate]
Design
•   Design is driven by requirements
    – what the artifact is for
    – not how it is to be implemented
    – e.g., PDA not as important as “mobile” app.
•   A design represents the artifact
    – for UIs these representations include (?)
       • screen sketches or storyboards
       • flow diagrams/outline showing task structure
       • executable prototypes
    – representations simplify

[Figure: task outline]
    Write essay
      start word processor
      write outline
      fill out outline
    Start word processor
      find word processor icon
      double click on icon
    Write outline
      write down high-level ideas
      ...
Web Design Representations

•   Site Maps
•   Storyboards
•   Schematics
•   Mock-ups
Usability Goals?

According to the ISO:
  The effectiveness, efficiency, and satisfaction with
  which specified users achieve specified goals in
  particular environments




•   This does not mean you have to create a “dry” design
    or something that is only good for novices – it all
    depends on your goals
Usability Goals
•   Set goals early & later use to measure progress
•   Goals often have tradeoffs, so prioritize
•   Example goals
    – Learnable
       • faster the 2nd time & so on
    – Memorable
       • from session to session
    – Flexible
       • multiple ways to accomplish tasks
    – Efficient
       • perform tasks quickly
    – Robust
       • minimal error rates
       • good feedback so user can recover
    – Pleasing
       • high user satisfaction
    – Fun
User-centered Design


•   Cognitive abilities
    – perception
    – physical manipulation
    – memory
•   Organizational / job abilities
•   Keep users involved throughout
    –   developers working with target users
    –   think of the world in users’ terms
    –   understanding work process
    –   not technology-centered/feature driven
Task Analysis & Contextual Inquiry

•   Observe existing work practices
•   Create examples and scenarios of actual use
•   “Try-out” new ideas before building software




Rapid Prototyping

•   Build a mock-up of design
    so you can quickly test
•   Low fidelity techniques
    – paper sketches
    – cut, copy, paste
•   Interactive prototyping
    tools
    – HTML, Visual Basic,
      HyperCard, Director, Flash,
      DENIM, etc.
•   UI builders
    – Visual Studio .NET,
      JBuilder…

[Figure: Fantasy Basketball]
Low-fi Sketches & Storyboards
ESP
Evaluation

•   Test with real users
    (participants)
    – w/ interactive prototype
    – low-fi with paper “computer”
•   Build models
    – GOMS
•   Low-cost techniques
    – expert evaluation
    – walkthroughs
    – online testing



                                     ESP
Conducting a Test
Conceptual Models

•   Mental representation of how object works &
    how interface controls affect it
•   People may have preconceived models that
    are hard to change
    – (4 + 5) vs. (4 5 +)
    – dragging to trash?
       • delete file but eject disk

•   Interface must communicate model
    – visually
    – online help and documentation can help,
      but shouldn’t be necessary
Refrigerator

[Figure: refrigerator with freezer and fresh food compartments]

Problem: freezer too cold, but fresh food just right
Refrigerator Controls

      Normal Settings              C and 5
      Colder Fresh Food            C and 6-7
      Coldest Fresh Food           B and 8-9
      Colder Freezer               D and 7-8
      Warmer Fresh Food            C and 4-1
      OFF (both)                         0

       A B C D E           7   6   5 4   3


      What is your conceptual model?
A Common Conceptual Model

[Diagram: control A B C D E connected to one cooling unit, control 7 6 5 4 3 connected to a second cooling unit; independent controls]
Actual Conceptual Model

[Diagram: controls A B C D E and 7 6 5 4 3 with a single cooling unit]

•   Now can you fix the problem?
•   Possible solutions
    –   make controls map to user’s model
    –   make controls map to actual system
Design Model & User Model

[Diagram: Design Model, User Model, and System Image]

 •   Users get model from experience & usage
     – through system image
 •   What if the two models don’t match?
Conceptual Model Mismatch

•   Mismatch between designer’s & user’s conceptual
    model leads to…
    – Slow performance
    – Errors
        • And inability to recover
    – Frustration
    – ...
HCI-Security

•   Make it “just work”
    – Invisible security
    – Ex. SSL, HTTPS
•   Train the user
    – Ex. Corporate training, military
    – Unlikely for consumers, however
•   Make security and privacy understandable
    – Make it visible
    – Make it intuitive
    – Use metaphors that users can relate to
HCI-Security

•   Developers should not expect users to make
    decisions they themselves can’t make

1. Get the defaults right
2. “Present choices, not dilemmas”
    – Chris Nodder (in charge of user experience for XP SP2)
Firefox security assumptions

1.   Users want to believe that their products are keeping
     them secure.
2.   Users do not want to be responsible for, nor concern
     themselves with, their own security.
3.   We know more about security than our users do.
                                  - Blake Ross
Optimistic vs Pessimistic Security

•   Pessimistic Security tries to prevent problems
    – Ex. Access control lists
    – Basically anything that needs lots of configuration up front


•   Optimistic Security tries to detect problems and fix
    afterwards
    – Ex. Emergency rooms
    – Ex. Some help desks
    – Ex. AT&T Friend Finder


•   Depends on your goals, needs, and risks
Main Points of Today’s Talk

•   People are a critical and often overlooked aspect of
    the systems we design

•   We need to design systems that mesh well with
    people’s existing knowledge and abilities

•   Otherwise, your security mechanisms will be:
    – Overlooked (leading people to do “the wrong thing”), or
    – Subverted (so people can get their work done)
Further Reading

http://cups.cs.cmu.edu/soups/
General HCI
Empathy


•   Let’s say you’re an engineer
•   Developed a great VCR
    – Uber-remote control
    – High fidelity
    – The whole works!


•   However, complaints start coming in…
    – Can’t figure out how to record something
    – Can’t figure out how to view TV channels when VCR on
    – Can’t figure out how to change clock time


•   Natural engineer reaction?
    – They must be stupid!
General HCI
Empathy


•   Suppress this, and see things from their point of view
•   Slashdot, help desk jokes, etc
    – Naïve users
    – Naïve brain surgeon?


•   We are designing systems for people
•   We want to see our systems succeed
•   Can be painful process, but empathy and respect for
    users necessary to good design

				