Risk Communication Theory, Design, Results. Jean Camp. (PowerPoint presentation)

SLIDE 1

Risk Communication Theory, Design, Results

Jean Camp

SLIDE 2

Goals

• How do you describe security & privacy risks in a way that communicates the risks and options?
• Risk Communication
  § Ambient Risk Communication
  § Action-based Risk Communication

SLIDE 3

Let Me Explain This To the User

SLIDE 4

Design for Humans Requires Designing for Humans

SLIDE 5

Design for Humans Requires Designing for Humans

Smoking is a factor which contributes to lung cancer. Most cancers that start in the lung, known as primary lung cancers, are carcinomas that derive from epithelial cells. Depending on the type of tumor, so-called paraneoplastic phenomena may initially attract attention to the disease. In lung cancer, these phenomena may include Lambert-Eaton myasthenic syndrome (muscle weakness due to auto-antibodies), hypercalcemia, or syndrome of inappropriate antidiuretic hormone (SIADH). Tumors in the top (apex) of the lung, known as Pancoast tumors, may invade the local part of the sympathetic nervous system, leading to changed sweating patterns and eye muscle problems (a combination known as Horner's syndrome) as well as muscle weakness in the hands due to invasion of the brachial plexus.

SLIDE 6

Security is Risk

• All we have to do is get the numbers right
• All we have to do is tell them the numbers
• All we have to do is explain what the numbers mean
• All we have to do is show them that they’ve accepted/rejected similar risks in the past
• All we have to do is show them that it’s a good deal for them
• All we have to do is treat them nice
• All we have to do is make them partners
• All of the above

Baruch Fischhoff, “Risk Perception and Communication Unplugged: Twenty Years of Process” (1995)

SLIDE 7

Goal of Risk Communication

• Change behavior
• All we have to do is show them that they’ve accepted/rejected similar risks in the past
• All we have to do is show them that it’s a good deal for them
• Create a Partnership
• The right hat for the right context

SLIDE 8

Learn From Other Domains

• Seat belts must be worn
• Communication must be timely

SLIDE 9

Make Risk Mitigation Available

• Free condoms vs. education
• Solutions must be available and usable.

SLIDE 10

Ambient Acceptable Levels of Risk

• Anti-lock brakes increase risk-taking behavior
• Respect their risk thermostat

SLIDE 11

Specific User

• Look for archetypes and categories
• Mental model communication
• Expertise
  § Experience questions
  § Expertise questions
  § Knowledge was the original control variable, confirmed with phishing ID
• Individual characteristics
  § Expertise
  § Demographics
• P. Rajivan, P. Moriano, T. Kelley and J. Camp, “What Can Johnny Do?–A study of factors that influence security expertise in end-users”, International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016), Frankfurt, Germany, 19-21 July 2016.

SLIDE 12

Goals

• How do you describe security & privacy risks in a way that communicates the risks and options?
• Risk Communication
  § Ambient Risk Communication: Risk Averse Browsing
  § Action-based Risk Communication: Creating a password; Downloading an app

SLIDE 13

Empower People to Avoid Risk

• Phishing
• Pharming
• Malicious downloads
• Malicious scripts
• Rogue or misleading certs
• Network traffic exposure
• Password reuse
• Comprehensive threat landscape

SLIDE 14

First Identify Risk

• Modular architecture to identify risk
• White list/black list
  § Domain names, certificates, scripts, networks
• Reputation
  § Domain names: familiarity, history, linear over time
  § Certificates: decision tree with observation & attributes
  § Scripts: familiarity, publisher
  § Network connection: familiarity, polities

SLIDE 15

Second, Communicate Risk

• Model users
• Communicate mental models
• Be nice

SLIDE 16

Third, Enable Risk Mitigation

• High Risk
  § No action
• Medium Risk
  § Domain names, Certificates: generate warning above a threshold; block black list
  § Script: block black list; block categories (iFrame, flash); block plug-in, video
  § Networks: warn unencrypted
• Low Risk
  § Domain names, Certificates: generate warning above a threshold; block all but white list
  § Script: block all but white list; blocked images, plug-in, videos, redirects, javascript
  § Networks: did not allow passwords over unencrypted
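
As an added example (not code from the slides or from the browser tool they describe), the identify-then-mitigate flow of slides 14 and 16 in Python: domain reputation grows linearly with visit history, and the user's chosen risk level selects the allow/warn/block policy for domains, scripts and network links. The lists, visit counts, threshold, ramp length and the reading of "block all but white list" for low risk are constructed assumptions.

```python
# Constructed inputs standing in for the expert modules' lists and history.
BLACKLIST = {"evil.example"}
WHITELIST = {"bank.example", "mail.example"}
BLOCKED_KINDS = {"iframe", "flash", "plugin", "video"}   # medium-risk categories
VISITS = {"bank.example": 40, "news.example": 3}          # visit history (constructed)

def familiarity(domain, visits=VISITS, ramp=30):
    """Reputation rising linearly with history, saturating at 1.0 after `ramp` visits."""
    return min(visits.get(domain, 0), ramp) / ramp

def domain_decision(domain, level, threshold=0.5):
    """Domain/certificate policy: 'allow', 'warn' or 'block' for a user risk level."""
    if level == "high":
        return "allow"                      # high risk: no action at all
    if domain in BLACKLIST:
        return "block"                      # medium and low: black list is blocked
    if level == "low" and domain not in WHITELIST:
        return "block"                      # low risk: block all but white list
    risk = 1.0 - familiarity(domain)        # unfamiliar domain -> risk near 1.0
    return "warn" if risk > threshold else "allow"   # warn above the threshold

def script_decision(domain, kind, level):
    """Script/content policy: medium blocks listed categories, low blocks all but white list."""
    if level == "high":
        return "allow"
    if level == "low":   # assumption: only plain scripts from white-listed sites survive
        return "allow" if domain in WHITELIST and kind == "script" else "block"
    return "block" if domain in BLACKLIST or kind in BLOCKED_KINDS else "allow"

def network_decision(encrypted, sends_password, level):
    """Network policy: warn on unencrypted links; low risk refuses passwords over them."""
    if level == "high" or encrypted:
        return "allow"
    if level == "low" and sends_password:
        return "block"
    return "warn"

def page_policy(domain, kinds, encrypted, sends_password, level):
    """Combine the module decisions for one page into a per-site risk picture."""
    return {
        "domain": domain_decision(domain, level),
        "scripts": {k: script_decision(domain, k, level) for k in kinds},
        "network": network_decision(encrypted, sends_password, level),
    }

if __name__ == "__main__":
    for level in ("high", "medium", "low"):
        print(level, page_policy("news.example", ["script", "iframe"], False, True, level))
```
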

SLIDE 17

[Architecture diagram, labels only: Identify & Communicate Risk. Expert modules build risk picture: Passwords, Certificates, Scripts, WiFi; History; Observed settings, network activity. Blackboard: Ontology, probabilistic fusion; Network Context, Web Context, User Context; Risk Profile. Intelligent Interaction: Mental models, Dialog specification, Dialog generation, Security reconfig; User decisions, Browser settings.]

SLIDE 18

Empower Informed Choice

• The communication is the control
• Simple Controls
• Use mental models
• End to end risk measurement
• For one person one button was too much!

SLIDE 19

Actions Allowed with Warnings

SLIDE 20

Behavior Changed

• Changed human behavior: Cumulative Risk Reduction
• Most people changed settings
• Browsed at different risk level
• Large number of scripts blocked, certs rejected
• Passwords will be transmitted in the clear
• Setting at per-site basis

SLIDE 21

Clear Risks & Benefits

I am the pig. That Pig is dead.

SLIDE 22

Goals

• How do you describe privacy risks in a way that communicates the risks and options?
• Risk Communication
  § Ambient Risk Communication
  § Action-based Risk Communication: Creating a password; Downloading an app

SLIDE 23

Passwords Could be Usable

• Make it hard to be a phishing victim
• Simplify password creation
• Simplify unique passwords
• Support contextual recall
• Confuse non-contextual recall
• Respecting the limits and abilities of the human

SLIDE 24

Creating Partnerships

• Support human cognition
  § Heuristics
  § Memory
  § Passwords
• L. Jean Camp, Jacob Abbott, and Siyu Chen, “CPasswords: Leveraging Episodic Memory and Human-Centered Design for Better Authentication”, Hawaii International Conference on System Sciences (Kauai, HI) 5-9 Jan 2016.

SLIDE 25

Support Human Memory

• Episodic or visual memory
• Story telling
• Memory cues
• Entropy provided
• Image selection
• Single level substitution

SLIDE 26

Randomness from Prompts

jumping on the desk holding forty-two paper clips and tape

SLIDE 27

Recall from Memory Cues

SLIDE 28

Four Groups

• Nothing
• Rule
• Rule & picture prompt
• Rule & reminder
• Significance
  § Entropy: simple measure (range of characters, length)
  § Recall

SLIDE 29

Summary

SLIDE 30

Recall v Entropy

SLIDE 31

Goals

• How do you describe privacy risks in a way that communicates the risks and options?
• Risk Communication
  § Ambient Risk Communication
  § Action-based Risk Communication: Creating a password; Downloading an app

SLIDE 32

Support Decision-Making: App

• Application Benefits
  § User Rating
  § Popularity
  § Uninstalls
• Application Risk
  § Information requests
  § Permissions-based
• Prashanth Rajivan & Jean Camp, “Too Much Too Late: Influence of risk communication on Android App installations”, School of Informatics and Computing Technical Report TR724 (Feb 2016)

SLIDE 33

Permissions Intent & Action

SLIDE 34

But Why Would They

SLIDE 35

Android Risks & Benefits

Also locks and eyeballs

SLIDE 36

First & Second Choice: There Was No Trade-Off

Trade-offs and informed decisions enabled higher privacy, lower risk choices

SLIDE 37

Changed User Choice with Priming

SLIDE 38

Support Decision-Making with Partnership. Be Nice.

• Passwords
  § More entropy
  § Easier to create, recall in context
• Browser
  § Easier to avoid risk
  § Obvious benefit, clear communication, less risk
• App Selection
  § Possible to make decisions on risk
  § Support risk-mitigating decisions

SLIDE 39

Other Related Work!

• L. Jean Camp, “Bringing Mental Models to Privacy and Security”, IEEE Technology and Society Magazine, 28 (3) 37-46 (2009).
• V. Garg and L. Jean Camp, “Heuristics and Biases: Implications for Security Design”, IEEE Technology & Society, 32.1: 73-79 (2013).
• Vaibhav Garg and L. Jean Camp, “Cars, Condoms, and Facebook”, ISC 2013 (Dallas, Texas) 13-15 November 2013.
• Caine, K. E., Zimmerman, C. Y., Schall-Zimmerman, Z., Hazlewood, W. R., Camp, L. J., Connelly, K. H., Huber, L. L., & Shankar, K., “DigiSwitch: A device to allow older adults to monitor and direct the collection and transmission of health information collected at home”, Journal of Medical Systems Vol. 35, No. 5, 1181-1195 (2011).
• L. Jean Camp, “Re-conceptualizing the Role of Security User”, Daedalus, Vol. 140 No. 4 (2011).
• Farzaneh Asgharpour, Debin Liu and L. Jean Camp, “Risk Communication in Computer Security using Mental Models”, WEIS 2007 (Pittsburgh, PA) 5-6 June 2007.

Acknowledgements!

SLIDE 40

Next Problem & Impact

• IoT
  § Protect Your Device
  § Clean Your Device
  § Without creating a mechanism for attackers that does more harm than good.
  § Distinguish attacker from updater
• Basic Approach
  § First draft
  § Facilitated brainstorming -> redesign
  § Focus group -> redesign
  § Qualitative A/B (C/D ..) test -> redesign
  § In situ experiment

SLIDE 41

Questions?