Structure of This Book


This book is divided into 6 parts consisting of 34 chapters.

Part I, Realigning Usability and Security

In this part of the book, we state our premise: that security and usability can be synergistic. The chapters in this part argue that, with careful attention to user-centered design principles, significant progress can be made toward this goal:

  • Chapter 1, Psychological Acceptability Revisited, by Matt Bishop, takes a new look at the question of how to align security and usability: although the need to consider usability in the design of security systems is recognized more now than it was in the past, designers still need to create systems that are easy to install, provide adequate protection mechanisms, and are unobtrusive to use. This is a solvable problem, and there is much work to do.

  • Chapter 2, Usable Security, by M. Angela Sasse and Ivan Flechais, lays the groundwork for our volume. It argues that the actual security provided by a computer system is the product of human factors, policies, and security mechanisms. Ignore any one of them, and security suffers.

  • Chapter 3, Design for Usability, by Bruce Tognazzini, states a truism that is ignored all too frequently: the goal of computer security professionals must be to build systems that are actually secure, rather than to build systems that are theoretically secure. Many security "compromises" in the interest of usability aren't compromises at all; they are frequently improvements, because the systems that are "theoretically secure" are so hard to use that people avoid or sabotage them in practice.

  • Chapter 4, Usability Design and Evaluation for Privacy and Security Solutions, by Clare-Marie Karat, Carolyn Brodie, and John Karat, introduces tools for performing usability evaluations and shows how they can integrate into the product development life cycle. The chapter then describes how these tools were applied to two different security products at IBM.

  • Chapter 5, Designing Systems That People Will Trust, by Andrew S. Patrick, Pamela Briggs, and Stephen Marsh, examines the issue of trust for security and privacy systems. The interface with which the end user interacts plays a central role in building or breaking that trust. It is the interface (whether it is a computer screen, a web site, a standalone kiosk, or a telephone system) that must convey all the features and limitations of the underlying service to the user. The authors show how successful trust designs can have a positive impact on both products and services.

Part II, Authentication Mechanisms

The chapters in this part of the book take an in-depth look at techniques for identifying and authenticating computer users to systems that are both local and remote:

  • Chapter 6, Evaluating Authentication Mechanisms, by Karen Renaud, considers the range of authentication systems that are currently available and presents a framework for evaluating their strengths and weaknesses.

  • Chapter 7, The Memorability and Security of Passwords, by Jeff Yan, Alan Blackwell, Ross Anderson, and Alasdair Grant, presents the results of a study of password usage among university students. The study finds that some conventional wisdom given in the choice and maintenance of passwords is correct, and other advice is "bunk."

  • Chapter 8, Designing Authentication Systems with Challenge Questions, by Mike Just, considers the role of questions like "what is your mother's maiden name" and "who was your favorite teacher" for authenticating users. Challenge questions can be used very effectively for self-service password resetting and as an additional identifier, especially on systems that are rarely used. On the other hand, a poorly implemented challenge system can compromise security while simultaneously decreasing usability. Once again, careful design and analysis are required for favorable outcomes.

  • Chapter 9, Graphical Passwords, by Fabian Monrose and Michael K. Reiter, considers systems that use password substitutes such as passfaces or other systems for graphical authentication. Although these systems are not popular today, their use might skyrocket in coming years as security managers struggle to find a solution to the problem of forgotten passwords. Monrose and Reiter evaluate the wisdom of such proposals.

  • Chapter 10, Usable Biometrics, by Lynne Coventry, evaluates the applicability of biometrics for user identification and authentication. Although Coventry is interested primarily in the appropriateness of biometrics for automatic teller machines (ATMs), her findings are generally applicable.

  • Chapter 11, Identifying Users from Their Typing Patterns, by Alen Peacock, Xian Ke, and Matt Wilkerson, evaluates keystroke dynamics as a potential biometric. This is an exciting biometric because it can be measured by practically every desktop and laptop computer on the planet; keystroke dynamics can also be measured passively by the operating system, or even covertly. Although this biometric is relatively unused today, it has the potential to become widely adopted.

  • Chapter 12, The Usability of Security Devices, by Ugo Piazzalunga, Paolo Salvaneschi, and Paolo Coffetti, compares the usability of smart cards, USB tokens, and multifunction USB tokens that include both memory and features for using private keys. The authors find that multifunction tokens address many of the usability problems experienced with smart cards in the past.

Part III, Secure Systems

The chapters in this part of the book examine how system software can deliver or destroy a secure user experience:

  • Chapter 13, Guidelines and Strategies for Secure Interaction Design, by Ka-Ping Yee, explores specific principles and techniques that can be used for aligning security and usability in the user interfaces of desktop operating systems.

  • Chapter 14, Fighting Phishing at the User Interface, by Robert C. Miller and Min Wu, explores systems that have been proposed for web browsers and email systems to help users resist so-called "phishing" attacks.

  • Chapter 15, Sanitization and Usability, by Simson Garfinkel, looks at a problem that is present in practically every computer on the planet: when users instruct their computer to "delete" information, the information isn't deleted; it's simply made invisible. Garfinkel tracks the history of this problem, discusses the results of a research project that demonstrates the problem's seriousness, and then presents a concrete solution.

  • Chapter 16, Making the Impossible Easy: Usable PKI, by Dirk Balfanz, Glenn Durfee, and D.K. Smetters, shows that many of the perceived difficulties in deploying systems based on public key infrastructure (PKI) technology can be simplified by scaling back expectations. Instead of using PKI to identify people, use it to identify computers. Instead of trying to come up with iron-clad techniques for making sure that certificates are uniquely validated, use physical locality as a proxy for trust, and give a certificate to any laptop that is present inside a secure room. Instead of trying to teach people how to use an overly complex interface, create a one-click installer that simplifies the interface under consideration. The result is that people will have a system that mostly works, a significant improvement over many of today's PKI deployments, which mostly don't work.

  • Chapter 17, Simple Desktop Security with Chameleon, by A. Chris Long and Courtney Moskowitz, reports on an experimental system that applies the principles of compartmentalized workstations of the 1990s to 21st century desktop computing. By understanding user goals and typical roles, the authors have created a system that allows users to move from task to task, and protection level to protection level, with considerable fluidity.

  • Chapter 18, Security Administration Tools and Practices, by Eser Kandogan and Eben M. Haber, applies ethnographic tools to the study of system administration and comes up with a surprising conclusion: despite the fact that there has been considerable work in the past 20 years on system administration tools, most administration work is painfully manual work based on the line-by-line analysis of voluminous log files. The best system administrators are programmers, cooking up quick scripts and programs to solve the problem of the minute. Is there hope? The authors think that there is. Based on their analysis of administrators' tasks, they make concrete proposals for future tool development.

Part IV, Privacy and Anonymity Systems

This part of the book is devoted to systems that allow people to control the release of their personal information, enabling them to use the Internet in relative anonymity if they so desire:

  • Chapter 19, Privacy Issues and Human-Computer Interaction, by Mark S. Ackerman and Scott D. Mainwaring, provides an overview of what human-computer interaction offers to those designing and studying privacy mechanisms.

  • Chapter 20, A User-Centric Privacy Space Framework, by Benjamin Brunk, reports on Brunk's examination of 134 privacy-enhancing tools, systems, and services. He creates a definition of what is meant by the term privacy solution and maps out the space of features provided by different systems. As a result of this taxonomy, it's possible to compare different solutions in terms of what the competing approaches offer.

  • Chapter 21, Five Pitfalls in the Design for Privacy, by Scott Lederer, Jason I. Hong, Anind K. Dey, and James A. Landay, evaluates a difficult-to-use interface that the authors have created for controlling one's privacy, and draws lessons from the project's mistakes.

  • Chapter 22, Privacy Policies and Privacy Preferences, by Lorrie Faith Cranor, discusses the World Wide Web Consortium's Platform for Privacy Preferences (P3P) system and several prototype P3P user agents designed to warn users if their privacy desires are not in line with the privacy practices of the web site that they are visiting. One of Cranor's most important discoveries is that most people have little experience articulating their privacy preferences: most people have never been asked to do so before. And because most people's privacy preferences are often complex and nuanced, people tend to make different decisions when the questions are posted in isolation versus when they are proposed in context.

  • Chapter 23, Privacy Analysis for the Casual User with Bugnosis, by David Martin, discusses a plug-in for Microsoft's Internet Explorer that allows users to see and hear web bugs, those otherwise silent and invisible tracking devices that are pervasive on the Internet today. As Martin makes clear, his audience for Bugnosis was not the casual user: it was journalists. By making web bugs salient for them, Martin hoped that Bugnosis would help promote the cause of public education on this Internet surveillance system.

  • Chapter 24, Informed Consent by Design, by Batya Friedman, Peyina Lin, and Jessica K. Miller, discusses how the underlying technologies of the Internet do and do not promote the principle of informed consent.

  • Chapter 25, Social Approaches to End-User Privacy Management, by Jeremy Goecks and Elizabeth D. Mynatt, discusses Acumen, a browser plug-in that lets Internet users share information about how their friends, associates, and trusted opinion leaders view the privacy practices of various web sites. Instead of sharing reports or postings, Acumen does this by allowing users to learn how other users have decided to handle cookies. One of the delicious tensions in this project is the way that Acumen allows information that is inherently private to be shared in a manner that is, more or less, public.

  • Chapter 26, Anonymity Loves Company: Usability and the Network Effect, by Roger Dingledine and Nick Mathewson, explores similar tensions in the design and deployment of anonymity technology: systems that allow users to browse the Web and communicate anonymously with one another.

Part V, Commercializing Usability: The Vendor Perspective

The chapters in this part of the book look at specific experiences of security and software vendors in addressing the issue of usability:

  • Chapter 27, ZoneAlarm: Creating Usable Security Products for Consumers, by Jordy Berson, a senior product manager at Zone Labs, relates his experiences with ZoneAlarm in producing a firewall that is used by tens of millions of naïve users on a daily basis.

  • Chapter 28, Firefox and the Worry-Free Web, by Blake Ross, a lead developer on the Firefox project, discusses the specific decisions that have been made to make a web browser that works with users to create a secure online experience, instead of tempting users into compromising their security.

  • Chapter 29, Users and Trust: A Microsoft Case Study, by Chris Nodder, discusses similar usability and security decisions that went into the creation of Microsoft Internet Explorer, and specifically the modifications to Explorer that were made as part of the work on Windows XP Service Pack 2.

  • Chapter 30, IBM Lotus Notes/Domino: Embedding Security in Collaborative Applications, by Mary Ellen Zurko, a longtime member of the Notes development team, discusses several specific security features in IBM Lotus Notes and Domino, a secure messaging system that has more than 100 million users, yet whose security features are relatively hidden.

  • Chapter 31, Achieving Usable Security in Groove Virtual Office, by George Moromisato, Paul Boyd, and Nimisha Asthagiri, shows how security properties similar to those offered by Notes/Domino can be achieved in a peer-to-peer environment where users are largely responsible for their own security.

Part VI, The Classics

This part of the book is our collection of classic papers on security and usability that everybody should read!

  • Chapter 32, Users Are Not the Enemy, by Anne Adams and M. Angela Sasse, and previously published in Communications of the ACM, discusses the results of a user study measuring password compliance at a major corporation in the 1990s. Adams and Sasse found that even though users may be the weakest link in the chain, they don't want to be the weakest link in the chain. Organizations must work to give users the information and the tools necessary so that they can be part of the solution.

  • Chapter 33, Usability and Privacy: A Study of KaZaA P2P File Sharing, by Nathaniel S. Good and Aaron Krekelberg, and previously published at the prestigious ACM CHI Conference on Human Factors in Computing Systems, discusses the results of a study in which users of the popular KaZaA file-trading program were astonished to discover just how much information the program actually makes available to others on the Internet.

  • Chapter 34, Why Johnny Can't Encrypt, by Alma Whitten and J. D. Tygar, and previously published at the USENIX Security Conference, shows that even highly acclaimed security programs with allegedly easy-to-use interfaces can nevertheless have profound usability problems because of inherent properties in security software.



Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
EAN: 2147483647
Year: 2004
Pages: 295
