usable security
play

USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What - PowerPoint PPT Presentation

Mar 07, 2023 •467 likes •671 views

USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we have (tokens) What we are (iris, fingerprint) [Accuracy vs. cost trade-off] Other USER AUTHENTICATION INKBLOT AUTHENTICATION Come up with

  1. USABLE 
 SECURITY GRAD SEC SEP 28 2017

  2. USER AUTHENTICATION What we know (passwords) What we have (tokens) What we are (iris, fingerprint) 
 [Accuracy vs. cost trade-off] Other

  3. USER AUTHENTICATION

  4. INKBLOT AUTHENTICATION Come up with two characters per image

  5. DO WE NEED STRONG PASSWORDS? What’s the threat model? How should we store passwords? Is the attack online or offline? Is the attack targeted or seeking any user ?

  6. DO WE NEED STRONG PASSWORDS? Let’s consider offline attacks 6-digit passwords + 3-strikes-you’re-out Let’s give the attacker 10 years to guess 10 years = ~10^4 passwords = ~1%

  7. TODAY’S PAPERS

  8. BONUS PAPER

  9. EXPERIMENT SETUP 297 USB drives dropped around campus Varied location, time of day, and appearance: Periodically went to the locations to see what was taken/when

  10. EXPERIMENT SETUP All files are .html page informing them they’re part of a study <img> hits the measurement server + Survey

  11. FINDINGS 45% of the drives 
 had a file open 98% of the drives 
 were removed Median 6.9h Might have plugged it in 
 but not opened a file

  12. WHY DID THEY DO IT? Fewer opened files Perhaps they opened it altruistically to return it?

  13. WHY DID THEY DO IT?

  14. WHY DID THEY DO IT? Altruism? Reality 
 (50% with 
 return label)

  15. WHY TAKE THE RISK?

  16. WHY TAKE THE RISK? Domain-specific risk taking (DOSPERT) scale 
 Test for risk aversion (higher = riskier), different categories

  17. WHY TAKE THE RISK? Domain-specific risk taking (DOSPERT) scale 
 Test for risk aversion (higher = riskier), different categories

  18. WHO DID IT? Representative of the university setting

  19. DID THEY KNOW WHAT THEY WERE DOING? Security Behavior Intentions Scale (SeBIS) Original study: Mechanical Turks. Not representative of UIUC

  20. TODAY’S PAPERS

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist

Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist

Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist junho.huh@honeywell.com Honeywell.com What is usable security? Building security solutions that are intuitive and easy to use Many security

350 views • 9 slides
Usable Security [finish] &amp; Physical Security Spring 2016 Franziska (Franzi) Roesner

Usable Security [finish] &amp; Physical Security Spring 2016 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Usable Security [finish] &amp; Physical Security Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

395 views • 12 slides
DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research

DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research

DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research and Instruction in Technologies for Electronic Security Department of Computer Science University of Illinois at Chicago The Domain Name

598 views • 48 slides
Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim

Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim Kobeissi 1.5a Usable Security: Then and Now 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Humans are

1.24k views • 67 slides
Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan

Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan

CSE 484 / CSE M 584: Computer Security and Privacy Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli, John Mitchell,

715 views • 34 slides
What Does the Brain Tell Us about Usable Security? Anthony Vance Brigham Young University Given

What Does the Brain Tell Us about Usable Security? Anthony Vance Brigham Young University Given

What Does the Brain Tell Us about Usable Security? Anthony Vance Brigham Young University Given a choice between dancing pigs and security, users will pick dancing pigs every time. Felton and McGraw (1999) clicky lusers BYU LAB

1.12k views • 84 slides
Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of

Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of

Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of Internet Speaking to a host end-to-end channel Communication security container-based authenticity: X.509, Certificate

678 views • 57 slides
Towards Usable Privacy in Cross-System Personalization Yang Wang CMU Usable Privacy and Security

Towards Usable Privacy in Cross-System Personalization Yang Wang CMU Usable Privacy and Security

Towards Usable Privacy in Cross-System Personalization Yang Wang CMU Usable Privacy and Security (CUPS) Lab Carnegie Mellon University 2 Personalization 3 Cross-System Personalization 4 Cross-System Personalization 5 Cross-System

310 views • 18 slides
Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two

Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two

Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two Six Labs working on DARPA Brandeis This talk goes over work from UCB 1 Install-time permissions A ccept all or dont use the app at all. No

944 views • 77 slides
Usable Security Spring 2015 Franziska (Franzi) Roesner

Usable Security Spring 2015 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Usable Security Spring 2015 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan

1.11k views • 55 slides
Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer,

Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer,

Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer, Lorrie Cranor, Rob Reeder, Blase Ur, and Yinqian Zhang 1 Todays class Introducing me Introducing you Human Factors for Security and

985 views • 82 slides
The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas

The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas

The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas Reynolds University at Albany a Lightning Talk Symposium On Usable Privacy &amp; Security Carnegie Mellon University, July 2011 Usable

371 views • 5 slides
Introducing Precautionary Behavior by Temporal Diversion of Voter Attention from Casting to

Introducing Precautionary Behavior by Temporal Diversion of Voter Attention from Casting to

Introducing Precautionary Behavior by Temporal Diversion of Voter Attention from Casting to Verifying their Vote Workshop on Usable Security 2/23/2014 Usable Security Lab Jurlind Budurushi, Marcel Woide and Melanie Volkamer Crypto Lab Current

217 views • 19 slides
Blind and Human: Exploring More Usable Audio CAPTCHA Designs Valerie Fanelle, Sepideh Karimi,

Blind and Human: Exploring More Usable Audio CAPTCHA Designs Valerie Fanelle, Sepideh Karimi,

Blind and Human: Exploring More Usable Audio CAPTCHA Designs Valerie Fanelle, Sepideh Karimi, Aditi Shah, Bharath Subramanian, and Sauvik Das The Sixteenth Symposium on Usable Privacy and Security August 7th - 11th, 2020 High attention levels

1.03k views • 6 slides
Usable Security: Quo Vadis? Konstantin (Kosta) Beznosov Laboratory for Education and Research in

Usable Security: Quo Vadis? Konstantin (Kosta) Beznosov Laboratory for Education and Research in

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Usable Security: Quo Vadis? Konstantin (Kosta) Beznosov Laboratory for Education and Research in Secure Systems Engineering lersse.ece.ubc.ca Electrical and Computer

348 views • 9 slides
RF-based DFAR and implicit ad-hoc usable security Stephan Sigg Aalto University, Communications

RF-based DFAR and implicit ad-hoc usable security Stephan Sigg Aalto University, Communications

RF-based DFAR and implicit ad-hoc usable security Stephan Sigg Aalto University, Communications and Networking July 1, 2016 Group DFAR Conclusion 2 / 22 Stephan Sigg RF-based DFAR and implicit ad-hoc usable security Group DFAR Conclusion

824 views • 37 slides
A Lifecycle Approach Phil Shafer IETF96, Berlin Problem

A Lifecycle Approach Phil Shafer IETF96, Berlin Problem

A Lifecycle Approach Phil Shafer IETF96, Berlin Problem Fuzzy terms Applied, Intended, acAve, even configuraAon Rorschach test for readers We

434 views • 7 slides
Pareidolia: One way our Brains Eff with Us Elan Dubrofsky What is Pareidolia? &quot;The term

Pareidolia: One way our Brains Eff with Us Elan Dubrofsky What is Pareidolia? &quot;The term

Pareidolia: One way our Brains Eff with Us Elan Dubrofsky What is Pareidolia? &quot;The term pareidolia (pronounced /pra doli/ ) describes a psychological phenomenon involving a vague and random stimulus (often an image or sound)

407 views • 19 slides
Confidence ellipses when analyzing simultaneously several contingency tables resulting from

Confidence ellipses when analyzing simultaneously several contingency tables resulting from

Confidence ellipses when analyzing simultaneously several contingency tables resulting from free-text descriptions CADORET Marine 1 , BUCHE Marianne 1 , L Sbastien 1 1 Laboratoire de mathmatiques appliques, A GROCAMPUS O UEST , Rennes 1

608 views • 41 slides
Racial Equity Analysis Impact and benefit analysis Racial equity outcomes Racial equity

Racial Equity Analysis Impact and benefit analysis Racial equity outcomes Racial equity

2020 TRANSPORTATION FUNDING MEASURE Racial Equity Analysis Impact and benefit analysis Racial equity outcomes Racial equity strategies and accountability mechanisms Metro Council Work Session 2/27/2020 How does Get Moving 2020

584 views • 29 slides
Pure Cutting Plane Methods for ILP: a computational perspective Matteo Fischetti, DEI, University

Pure Cutting Plane Methods for ILP: a computational perspective Matteo Fischetti, DEI, University

Pure Cutting Plane Methods for ILP: a computational perspective Matteo Fischetti, DEI, University of Padova Rorschach test for OR disorders: can you see the tree? 1 ISMP 2009 Looking inside Gomory Aussois, January 7-11 2008 Outline 1. Pure

375 views • 34 slides
Lifted Message Passing Rorschach Test K. Kersting 2 Lifted Message Passing GRAPHBOT@ ROS 2010

Lifted Message Passing Rorschach Test K. Kersting 2 Lifted Message Passing GRAPHBOT@ ROS 2010

GRAPHBOT 2010. IROS WORKSHOP ON PROBABILISTIC GRAPHICAL Sriraam Babak Fabian Scott Youssef El Natarajan Ahmadi Hadiji Sanner Massaoudi MODELS IN ROBOTICS Taipei, Taiwan, October 22. 2010 A E Kristian Kersting Lifted Message

431 views • 28 slides
What is Item Response Theory? Nick Shryane Social Statistics Discipline Area University of

What is Item Response Theory? Nick Shryane Social Statistics Discipline Area University of

What is Item Response Theory? Nick Shryane Social Statistics Discipline Area University of Manchester nick.shryane@manchester.ac.uk 1 What is Item Response Theory? 1. Its a theory of measurement, more precisely a psychometric theory.

818 views • 57 slides
Recap : UML artefacts Actors Use Cases Use Case Diagrams Storyboards Black Box Functional

Recap : UML artefacts Actors Use Cases Use Case Diagrams Storyboards Black Box Functional

L5-1 Recap : UML artefacts Actors Use Cases Use Case Diagrams Storyboards Black Box Functional Requirements Specification Diagrams: Class System System Sequence Test Design Statechart Activity Test Cases System System

405 views • 23 slides

More recommend