what does the brain tell us about usable security
play

What Does the Brain Tell Us about Usable Security? Anthony Vance - PowerPoint PPT Presentation

Aug 16, 2023 •263 likes •1.12k views

What Does the Brain Tell Us about Usable Security? Anthony Vance Brigham Young University Given a choice between dancing pigs and security, users will pick dancing pigs every time. Felton and McGraw (1999) clicky lusers BYU LAB

  1. What Does the Brain Tell Us about Usable Security? Anthony Vance Brigham Young University

  2. Given a choice between dancing pigs and security, users will pick dancing pigs every time. —Felton and McGraw (1999)

  3. “clicky lusers”

  4. BYU LAB Neurosecurity

  6. 1. Dual-task Interference 2. Habituation 3. Generalization

  8. 1. Dual-task Interference

  12. How bad is this problem?

  14. Baseline (resting)

  15. Memory Baseline task (resting)

  16. 4382359

  17. 1. 4381358 2. 4382369 3. 4382359 4. 4383359

  18. Security task Memory Baseline task (resting)

  21. Security High DTI task Memory Baseline task (resting)

  22. 1. Memorize code 2. 3. Recall code

  23. Temporal Lobe

  24. High DTI vs. Warning Only

  25. Security Task Performance Treatment Warning Disregard High-DTI 22.9% Warning-Only 7.4%

  26. 1. Memorize code 2. 3. Recall code

  27. 1. Memorize code 2. Recall code 3.

  28. Security Task Performance Treatment Warning Disregard High-DTI 22.9% Low-DTI 8.8% Warning-Only 7.4%

  29. chrome

  34. Low-DTI times

  35. After a video

  36. On loading of a page

  37. Waiting for web-based task to complete

  38. Percentage of Disregard Ranking Code Condition Disregarded Low-DTI Conditions LowDTI-5 Low-DTI: Waiting for page load 22% LowDTI-4 Low-DTI: While processing 24% LowDTI-2 Low-DTI: After video 44% LowDTI-1 Low-DTI: On first page load 45% LowDTI-3 Low-DTI: Switching domains 46% Average 36% High-DTI Conditions HighDTI-4 High-DTI: On the way to close window 74% HighDTI-2 High-DTI: While typing 78% HighDTI-1 High-DTI: During video 79% HighDTI-3 High-DTI: While transferring information 87% Average 80%

  39. 100% Security Message Disregard 75% 50% 25% 0% Low-DTI High-DTI

  40. Take-aways

  41. 1. The brain isn’t good at handling interruptions.

  42. 2. Timing a security message to display at a low-DTI results in marked improvement.

  43. 2. Habituation

  47. How bad is this problem?

  52. Animations

  62. Mobile field experiment

  63. Adherence behavior

  66. • Charge purchases to your credit card • Delete your photos • Record microphone audio any time • Sell your web-browsing data

  69. 100% 90% Warning adherence 80% 70% 60% 50% 40% 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Days

  70. Take-aways

  71. 1. The human brain is wired to tune out things it has seen before.

  72. 2. Updating the security UI can reduce habituation.

  73. 3. Generalization

  74. Generalization of habituation

  77. How bad is this problem?

  78. Take-aways

  79. 1. Frequent notifications likely contribute to habituation to rare security messages.

  80. 2. Design security messages to be visually distinct

  81. 1. Dual-task Interference 2. Habituation 3. Generalization

  84. BYU LAB Neurosecurity neurosecurity.byu.edu @ neurosecurity

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist

Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist

Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist junho.huh@honeywell.com Honeywell.com What is usable security? Building security solutions that are intuitive and easy to use Many security

350 views • 9 slides
Usable Security [finish] & Physical Security Spring 2016 Franziska (Franzi) Roesner

Usable Security [finish] & Physical Security Spring 2016 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Usable Security [finish] & Physical Security Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

395 views • 12 slides
DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research

DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research

DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research and Instruction in Technologies for Electronic Security Department of Computer Science University of Illinois at Chicago The Domain Name

598 views • 48 slides
Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim

Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim Kobeissi 1.5a Usable Security: Then and Now 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Humans are

1.24k views • 67 slides
Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan

Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan

CSE 484 / CSE M 584: Computer Security and Privacy Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli, John Mitchell,

715 views • 34 slides
Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of

Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of

Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of Internet Speaking to a host end-to-end channel Communication security container-based authenticity: X.509, Certificate

678 views • 57 slides
Towards Usable Privacy in Cross-System Personalization Yang Wang CMU Usable Privacy and Security

Towards Usable Privacy in Cross-System Personalization Yang Wang CMU Usable Privacy and Security

Towards Usable Privacy in Cross-System Personalization Yang Wang CMU Usable Privacy and Security (CUPS) Lab Carnegie Mellon University 2 Personalization 3 Cross-System Personalization 4 Cross-System Personalization 5 Cross-System

310 views • 18 slides
Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two

Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two

Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two Six Labs working on DARPA Brandeis This talk goes over work from UCB 1 Install-time permissions A ccept all or dont use the app at all. No

944 views • 77 slides
Usable Security Spring 2015 Franziska (Franzi) Roesner

Usable Security Spring 2015 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Usable Security Spring 2015 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan

1.11k views • 55 slides
The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas

The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas

The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas Reynolds University at Albany a Lightning Talk Symposium On Usable Privacy & Security Carnegie Mellon University, July 2011 Usable

371 views • 5 slides
Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer,

Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer,

Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer, Lorrie Cranor, Rob Reeder, Blase Ur, and Yinqian Zhang 1 Todays class Introducing me Introducing you Human Factors for Security and

985 views • 82 slides
Introducing Precautionary Behavior by Temporal Diversion of Voter Attention from Casting to

Introducing Precautionary Behavior by Temporal Diversion of Voter Attention from Casting to

Introducing Precautionary Behavior by Temporal Diversion of Voter Attention from Casting to Verifying their Vote Workshop on Usable Security 2/23/2014 Usable Security Lab Jurlind Budurushi, Marcel Woide and Melanie Volkamer Crypto Lab Current

217 views • 19 slides
USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we

USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we

USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we have (tokens) What we are (iris, fingerprint) [Accuracy vs. cost trade-off] Other USER AUTHENTICATION INKBLOT AUTHENTICATION Come up with

671 views • 20 slides
Blind and Human: Exploring More Usable Audio CAPTCHA Designs Valerie Fanelle, Sepideh Karimi,

Blind and Human: Exploring More Usable Audio CAPTCHA Designs Valerie Fanelle, Sepideh Karimi,

Blind and Human: Exploring More Usable Audio CAPTCHA Designs Valerie Fanelle, Sepideh Karimi, Aditi Shah, Bharath Subramanian, and Sauvik Das The Sixteenth Symposium on Usable Privacy and Security August 7th - 11th, 2020 High attention levels

1.03k views • 6 slides
Usable Security: Quo Vadis? Konstantin (Kosta) Beznosov Laboratory for Education and Research in

Usable Security: Quo Vadis? Konstantin (Kosta) Beznosov Laboratory for Education and Research in

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Usable Security: Quo Vadis? Konstantin (Kosta) Beznosov Laboratory for Education and Research in Secure Systems Engineering lersse.ece.ubc.ca Electrical and Computer

348 views • 9 slides
RF-based DFAR and implicit ad-hoc usable security Stephan Sigg Aalto University, Communications

RF-based DFAR and implicit ad-hoc usable security Stephan Sigg Aalto University, Communications

RF-based DFAR and implicit ad-hoc usable security Stephan Sigg Aalto University, Communications and Networking July 1, 2016 Group DFAR Conclusion 2 / 22 Stephan Sigg RF-based DFAR and implicit ad-hoc usable security Group DFAR Conclusion

824 views • 37 slides
10 September 2020 ASX Markets Announcement Office PNGX Markets Exchange Centre Harbourside West

10 September 2020 ASX Markets Announcement Office PNGX Markets Exchange Centre Harbourside West

10 September 2020 ASX Markets Announcement Office PNGX Markets Exchange Centre Harbourside West Building 20 Bridge Street Unit 1B.02, Level 1, Stanley Esplanade Sydney NSW 2000 Down Town, Port Moresby 121 Australia Papua New Guinea BY

477 views • 31 slides
3 -year Report on European Union Pharm acovigilance Activities European Medicines Agency 1 0 th

3 -year Report on European Union Pharm acovigilance Activities European Medicines Agency 1 0 th

3 -year Report on European Union Pharm acovigilance Activities European Medicines Agency 1 0 th stakeholder forum on pharm acovigilance legislation 2 1 Septem ber 2 0 1 6 Helen Lee European Com m ission Directorate General for Health and

531 views • 31 slides
RHD simulations of outflows in the Ursa Minor dSph Bert Vandenbroucke bv7@st-andrews.ac.uk

RHD simulations of outflows in the Ursa Minor dSph Bert Vandenbroucke bv7@st-andrews.ac.uk

RHD simulations of outflows in the Ursa Minor dSph Bert Vandenbroucke bv7@st-andrews.ac.uk Kenneth Wood (St Andrews) Diego Falceta-Gonalves, Anderson Caproni, Gustavo Lanfranchi (So Paulo) Slide 2 of 13 Context: the DIG Vandenbroucke et

239 views • 13 slides
March 29 2016 Agenda Welcome Chapter Business 2016 Business Plan Update February

March 29 2016 Agenda Welcome Chapter Business 2016 Business Plan Update February

ASQ Charleston March 29 2016 Agenda Welcome Chapter Business 2016 Business Plan Update February 2016 Financial Report Section Leadership Announcements and Openings Lowcountry Quality Conference Upcoming Events Stay

189 views • 14 slides
2017 2018 Environmental Leadership Awards April 4 th , 2019 1 Office of Environmental

2017 2018 Environmental Leadership Awards April 4 th , 2019 1 Office of Environmental

2017 2018 Environmental Leadership Awards April 4 th , 2019 1 Office of Environmental Policy Welcome from Our Staff! Rich Miller Director rich.miller@uconn.edu (860) 486-8741 Cherie Taylor Patrick McKee Administrative Coordinator

971 views • 58 slides
Economic potential of smart metering in Germany David Bothe, Jens Perner, Christoph Riechmann 9

Economic potential of smart metering in Germany David Bothe, Jens Perner, Christoph Riechmann 9

Economic potential of smart metering in Germany David Bothe, Jens Perner, Christoph Riechmann 9 October 2010 Our analysis Exemplary implementation of cost-benefit-analysis for the economic potential of smart metering in Germany Focus

549 views • 13 slides
Healthy Ageing: A matter of chance or personal control? Prof. Ruud Kempen Maastricht University

Healthy Ageing: A matter of chance or personal control? Prof. Ruud Kempen Maastricht University

Healthy Ageing: A matter of chance or personal control? Prof. Ruud Kempen Maastricht University Kick Off Meeting 31-1-2017 Percentage 65+ in 2013 and 2050 40 35 30 25 2013 20 2050 15 10 5 0 Bron: Vienna Institute of Demography,

359 views • 17 slides
Return to work in patients with coronary heart disease: results from the EUROASPIRE IV study Els

Return to work in patients with coronary heart disease: results from the EUROASPIRE IV study Els

Return to work in patients with coronary heart disease: results from the EUROASPIRE IV study Els Clays, Delphine De Smedt, Kornelia Kotseva*, Lutgart Braeckman, Dirk De Bacquer Department of Public Health, Ghent University * National Heart and

188 views • 16 slides

More recommend