smartphone based access control adventures in usability
play

Smartphone based Access Control: Adventures in Usability Lujo Bauer - PowerPoint PPT Presentation

Jan 27, 2024 •398 likes •925 views

Carnegie Mellon Smartphone based Access Control: Adventures in Usability Lujo Bauer Carnegie Mellon Device enabled Authorization Smartphones on a trajectory to win in the market Stand to inherit mobile phone market that

  1. Carnegie Mellon Smartphone ‐ based Access Control: Adventures in Usability Lujo Bauer

  2. Carnegie Mellon Device ‐ enabled Authorization � Smartphones on a trajectory to “win” in the market � Stand to inherit mobile phone market that shipped over 1.1 billion units in 2008 [IDC]— or more than one phone per six people in the world � Unique combination of capabilities � Computation, communication, user interface � Goal: to use smartphones to intelligently control environment � Loan you my car without giving you my phone � Send money from my phone to my friend’s phone � Give my secretary temporary access to my email without revealing information (e.g., password) that could be used at a later time � Use my phone to open my hotel room door, without ever stopping by the front desk … and do it all from a distance 2

  3. Carnegie Mellon Grey Deployment � Universal, flexible, end ‐ user ‐ driven access ‐ control system for physical and virtual resources � Deployed in Carnegie Mellon’s Collaborative Innovation Center � Approximately 35 Grey ‐ capable doors and 30+ users at the moment � Grey ‐ compatible Windows XP, Vista and Linux login modules � Plus a deployment in progress at UNC Chapel Hill 3

  4. Carnegie Mellon Grey: An Example Scenario • Lujo’s students are allowed in 2121 • Faculty are allowed in 2121 • At CMU, Lujo’s secretary speaks on behalf of Lujo Lujo must … authorize access I need to grade the midterms for Lujo’s class Lujo Lujo’s Office, 2121 Scott 4

  5. Carnegie Mellon Grey: An Example Scenario Lujo Scott Lujo’s Office, 2121 1. Hi, Please open 2121 Provable if Lujo says: This is Lujo’s Generate credential 2. Prove Lujo says open 2121 • Open 2121 Scott is • Scott speaks for Lujo belief. I’ll ask stating Scott’s desire a student. • Scott is a student Lujo for help. to open 2121 • Scott is faculty • … 3. Prove Scott says open 2121 → Lujo says open 2121 4. Proof of Scott says open 2121 → Lujo says open 2121 5. Proof of Lujo says open 2121 5

  6. Carnegie Mellon Grey: An Example Scenario Lujo Scott Lujo’s Office, 2121 1. Hi, Please open 2121 2. Prove Lujo says open 2121 � High assurance � Rich audit logs � Flexibility in policies 3. Prove Scott says open 2121 → Lujo says open 2121 4. Proof of Scott says open 2121 Digitally signed … assembled in a formal, → Lujo says open 2121 credentials ... 5. Proof of Lujo says open 2121 mechanically verifiable proof 6

  7. Carnegie Mellon 7

  8. Carnegie Mellon [w/ Reiter, Cranor, others] Some Research Challenges � Logics for access control [ESORICS 2006, NDSS 2007, SACMAT 2009] � Distributed theorem proving [IEEE S&P 2005, ESORICS 2007] � Helping users configure access ‐ control policies [CHI 2008a, SACMAT 2008, CMU TR 2009] � Improving usability / evaluating usefulness in practice [SOUPS 2007, CHI 2008b] 8

  9. Lessons Learned From the Deployment of a Smartphone-Based Access-Control System Lujo Bauer, Lorrie Cranor, Michael K. Reiter and Kami Vaniea C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/

  10. Carnegie Mellon Deployment Study Research Question � Can a smartphone ‐ based access control system gain acceptance? � Our contribution is to illustrate how six design principles manifest themselves in a smartphone ‐ based access ‐ control system 10

  11. Carnegie Mellon Deployment Study Grey Field Trial � Year long study � 19 users � Periodic interviews � Analysis of log data 11

  12. Carnegie Mellon Deployment Study Field Trial: Participants � Solicited from those who need access to resources protected by Grey � 6 computer science and engineering faculty � 9 computer science and engineering graduate students � 3 technical staff � 1 administrative assistant 12

  13. Carnegie Mellon Deployment Study Field Trial: Environment � 5 perimeter doors to a large research area (locked at 6pm) � 11 offices � 2 storage closets � 1 conference room � 1 lab space � 1 machine room 13

  14. Carnegie Mellon Deployment Study Field Trial: Interview Procedure � Interviewed participants � Security practices � Types of resources managed and needed � Gave participants a smartphone with Grey pre ‐ installed and brief instruction on use � Interviewed one month later � Changes in security practices � Resource management activity � General reactions to Grey � Additional interviews as needed 14

  15. Carnegie Mellon Deployment Study Data � Audiotaped over 30 hours of interviews � Logged 19,500 Grey access requests � Active users averaged 12 access a week � Five users accessed their office almost exclusively with Grey � Three users gave away their keys � Users interacted with an average of 7.4 different doors during the study 15

  16. Carnegie Mellon Deployment Study Overall Usage 16

  17. Carnegie Mellon Deployment Study Lessons Learned � Observed how six known principles apply to the design of applications based on emerging technology 17

  18. Carnegie Mellon Deployment Study Principle 1 � Perceived speed and convenience are critical to user satisfaction and acceptance 18

  19. Carnegie Mellon Deployment Study Perceived Speed � Users quickly began to complain about speed and convenience � We knew Grey and keys required similar amounts of time to open a door � Videotaped a highly trafficked door to better understand how doors are opened differently with Grey and keys 19

  20. Carnegie Mellon Deployment Study Videotaping � Videotaped participants accessing kitchenette door � Videotaped two hours daily after 6pm for two weeks � 18 users taped � 5 Grey participants � 13 additional participants were solicited as they passed through the door 20

  21. Carnegie Mellon Deployment Study Door Access Average Times 21

  22. Carnegie Mellon Deployment Study Principle 2 � A single failure can strongly discourage adoption 22

  23. Carnegie Mellon Deployment Study A Single Failure � Cost of failure is potentially high � Rebooting a phone or door was considered very inconvenient � Several users stopped using Grey actively after a single inopportune failure 23

  24. Carnegie Mellon Deployment Study Delays Interpreted as Failures � Delays can be interpreted as failures even when the system is functioning perfectly � Humans can be slow or unresponsive � Providing feedback on the status of the request is very important � Did it arrive? � Is a human currently responding? 24

  25. Carnegie Mellon Deployment Study Principle 3 � Users won’t use features they don’t understand 25

  26. Carnegie Mellon Deployment Study Confusing Features � Users would rather choose a suboptimal solution that they understand than one with an uncertain outcome � Initially tried for terse interface (top) � Adopted wizard solution (bottom) 26

  27. Carnegie Mellon Deployment Study Principle 4 � Systems that benefit from the network effect are often untenable for small user populations 27

  28. Carnegie Mellon Deployment Study Network Effect � A service becomes more valuable as more people use it � Our participants were selected so that their work network included others with Grey � Still had many people who would have benefited if Grey participant could have given access 28

  29. Carnegie Mellon Deployment Study Jim’s Colleagues Bob Marie Lillian No Grey Jim Frank Sue Mark Jake Joe Have Grey 29

  30. Carnegie Mellon Deployment Study Principle 5 � Low overhead for creating and changing policies encourages policy change 30

  31. Carnegie Mellon Deployment Study Policy Change � Using Grey our participants successfully granted and received more access than they previously had � Participants granted new access because it was convenient � Covered further in technical report � L. Bauer, L. Cranor, R. W. Reeder, M. K. Reiter and K. Vaniea. Comparing access ‐ control technologies: a study of keys and smartphones, Technical Report CMU ‐ CyLab ‐ 07 ‐ 005. http://www.cylab.cmu.edu/default.aspx?id=2284 31

  32. Carnegie Mellon Deployment Study Principle 6 � Unanticipated uses can bolster acceptance 32

  33. Carnegie Mellon Deployment Study Unanticipated Uses � Unlocking door from inside the office without having to stand � Unlocking nearby door for someone else without leaving office 33

  34. Carnegie Mellon Deployment Study Discussion � Users treat Grey like an appliance � Low tolerance for failure � Advanced functionality wasn’t always used � Education and background seemed to have little effect on usage 34

  35. A User Study of Policy Creation in a Flexible Access-Control System Lujo Bauer, Lorrie Faith Cranor, Robert W. Reeder, Michael K. Reiter, Kami Vaniea

  36. Carnegie Mellon Policy ‐ creation Study Our Question � How well do implemented access ‐ control policies match ideal access ‐ control policies? � In other words: are users able to create access ‐ control policies that do what they want? 36

  37. Carnegie Mellon Policy ‐ creation Study Study Overview � Interviewed participants about their current access control practices � Gave participants a Grey phone � Periodically interviewed � Used interviews to create policy maps for each resource owner’s ideal, key and Grey policy � Counted number of potential false rejects and accepts based on the policies 37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

detection with algorithm-based and dermatologist-based smartphone applications: Towards improved

detection with algorithm-based and dermatologist-based smartphone applications: Towards improved

The current state of melanoma detection with algorithm-based and dermatologist-based smartphone applications: Towards improved healthcare access in the Hawaiian Islands Michael Tee MD, PhD University of Hawaii April 4, 2019 Disclosures No

518 views • 15 slides
Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File Systems Network File Systems Stephen Smaldone, Vinod Ganapathy, and Liviu Iftode DiscoLab - Department of Computer Science Rutgers, The State University

667 views • 23 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Some Usability Some Usability Some Usability Considerations in Considerations in

Some Usability Some Usability Some Usability Considerations in Considerations in

Some Usability Some Usability Some Usability Considerations in Considerations in Considerations in Access Control Systems Access Control Systems Access Control Systems - A Position Paper A Position Paper - - - - A Position Paper -

211 views • 17 slides
Access Control Enforcement Access Control Enforcement for Conversation- -based based for

Access Control Enforcement Access Control Enforcement for Conversation- -based based for

The Cyber Center The Cyber Center Access Control Enforcement Access Control Enforcement for Conversation- -based based for Conversation Web Services Web Services Massimo Mecella * Mourad Ouzzani Univ. Roma LA SAPIENZA, Italy Purdue

375 views • 26 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of security administration p y y For large number of subjects and objects, the number of authorizations can become extremely large For dynamic

536 views • 51 slides
Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control Introduction to Computer Security Access control, contd Announcements intermission Stephen McCamant Capability-based access control University

380 views • 7 slides
Overview Access control lists Capability lists Locks and keys Rings-based

Overview Access control lists Capability lists Locks and keys Rings-based

Overview Access control lists Capability lists Locks and keys Rings-based access control Propagated access control lists May 31, 2005 ECS 235, Computer and Information Slide #1 Security Access Control Lists Columns

1.24k views • 80 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System

Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System

Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System Evaluation Criteria (TCSEC) Background MAC Mandatory Access Control Firm security levels DAC Discretionary Access Control Access

240 views • 6 slides
Outline Multilevel and mandatory access control CSci 5271 Capability-based access control

Outline Multilevel and mandatory access control CSci 5271 Capability-based access control

Outline Multilevel and mandatory access control CSci 5271 Capability-based access control Introduction to Computer Security Announcements intermission Day 11: OS security: higher assurance Stephen McCamant OS trust and assurance University

303 views • 9 slides
Language-Based Access Control and Safety Language-based access control is impossible in a

Language-Based Access Control and Safety Language-based access control is impossible in a

Language-Based Access Control and Safety Language-based access control is impossible in a programming language that is not memory safe. Without memory safety, there is no way to guarantee separation of memory used by different program

413 views • 30 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files & processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
What is Formative Assessment? Use your smartphone to access the link below:

What is Formative Assessment? Use your smartphone to access the link below:

What is Formative Assessment? Use your smartphone to access the link below: https://padlet.com/burkekathy/fa Creating & Evaluating Reliable Formative Assessments for All Students LUHSD 2019-2020 SDD Research Supported Best Practices

590 views • 38 slides
Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody

Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody

Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody {ab374,km}@cl.cam.ac.uk University of Cambridge, Computer Laboratory, OPERA Policy 2002 1 Outline Role-Based Access Control OASIS

480 views • 14 slides
Information Security Identification and authentication Advanced User Authentication II

Information Security Identification and authentication Advanced User Authentication II

Information Security Identification and authentication Advanced User Authentication II 2016-01-29 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for lecture I within this part of the course Background Authentication eID

683 views • 44 slides
Authentication of People what you know (passwords) what you have (keys) what you are

Authentication of People what you know (passwords) what you have (keys) what you are

people 1 Authentication of People what you know (passwords) what you have (keys) what you are (biometric devices) where you are (physical) October 26, 2000 people 2 Passwords initial password distribution (students)

559 views • 13 slides
Presidents Fall Address October 14, 2015 Moores Opera House Journey of National

Presidents Fall Address October 14, 2015 Moores Opera House Journey of National

Presidents Fall Address October 14, 2015 Moores Opera House Journey of National Competitiveness 2015 2012 ? 2012 U.S. News and 2011 World Report Princeton Recognized as a 2009 Review National University Carnegie Tier

1k views • 37 slides
Hybrid Format for fall 2020 The class is very big (120+ enrolled), so All lectures virtual over

Hybrid Format for fall 2020 The class is very big (120+ enrolled), so All lectures virtual over

Hybrid Format for fall 2020 The class is very big (120+ enrolled), so All lectures virtual over Zoom All office hours virtual over Zoom (for now) Required in-person component - 1 safe in-person chat with course staff - Details on Piazza soon

508 views • 17 slides
Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics,

Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics,

Carrying certificates around How do you use your [digital] identity? Install your certificate in browser Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics, & CAPTCHA Paul Krzyzanowski

215 views • 5 slides
Fun IP Prof. Roger Ford Monday, April 25, 2016 Trademarks: Dilution 15 U.S.C. 1125 False

Fun IP Prof. Roger Ford Monday, April 25, 2016 Trademarks: Dilution 15 U.S.C. 1125 False

Fun IP Prof. Roger Ford Monday, April 25, 2016 Trademarks: Dilution 15 U.S.C. 1125 False designations of origin, false descriptions, and dilution forbidden * * * (c) Dilution by blurring; dilution by tarnishment (1) Injunctive relief

737 views • 4 slides
Speaker Recognition Low-Dimensional Representation Sequence of features: GMM

Speaker Recognition Low-Dimensional Representation Sequence of features: GMM

Roadmap Introduction Terminology, tasks, and framework Speaker Recognition Low-Dimensional Representation Sequence of features: GMM Low-dimensional vectors: i-vectors Najim Dehak Processing i-vectors: inter-session

622 views • 15 slides
Lecture 8 n Agenda: n String matching n How to evaluate a pattern recognition system String

Lecture 8 n Agenda: n String matching n How to evaluate a pattern recognition system String

Lecture 8 n Agenda: n String matching n How to evaluate a pattern recognition system String Matching (note 1) n n Definitions: n x = movi. Text :zlatanibrahimovic n Shift: s = offset from start of text to start position of x n Valid

919 views • 35 slides

More recommend