Posted 11-Jan-2016

Page 1

Usable Security for Webmail and Single Sign-on

KENT SEAMONS & SCOTT RUOTI
COMPUTER SCIENCE DEPARTMENT
BRIGHAM YOUNG UNIVERSITY
INTERNET SECURITY RESEARCH LAB

Page 2

BYU Computer Science

o CS Department has 600+ undergraduates, 80 MS, 30 PhD
o Focus on undergraduate research mentoring

Page 3

Internet Security Research Lab (ISRL)

o Established 2001
o Funding: DARPA, NSF, Industry
o Alumni
  ◦ 24 MS degrees and 1 PhD degree awarded
  ◦ Placement: Microsoft, Google, IBM, DoD, Sandia, MIT Lincoln Labs, Lockheed-Martin, Blue Coat, Amazon, etc.

Page 4

ISRL Research Projects

o Automated Trust Negotiation
  ◦ TrustBuilder – exchange attribute certificates as a basis for trust
o Convenient Decentralized Authentication using Passwords
  ◦ Simple Authentication for the Web (SAW)
  ◦ Luau
o Easy, Secure Data Sharing in the Cloud
  ◦ Private Webmail (Pwm)
  ◦ Private Facebook Chat (PFC)
  ◦ Key Escrow (Kiwi)
o Privacy
  ◦ TLS proxies – how to detect them and distinguish them from TLS MITM attacks
o Usable Security

Page 5

Users and Security

o Users want to get their work done
o They will sidestep security if it is inconvenient

Page 6

Usable Security

o A significant new research area in the last 10-15 years
o Seminal papers
  ◦ Why Johnny Can't Encrypt (Whitten and Tygar, 1999)
  ◦ Users are not the Enemy (Adams and Sasse, 1999)
o Research venues with the latest research
  ◦ Symposium On Usable Privacy and Security (SOUPS)
  ◦ ACM Conference on Human Factors in Computing Systems (CHI)

Page 7

Why Johnny Can't Encrypt

o Usability study of PGP 5.0
o Political campaign scenario
o Twelve users were given the software to configure
o Users completed a series of tasks

Page 8

Why Johnny Can't Encrypt: Results

o Complete failure that served as a wake-up call to the community
o Only four users (33%) were able to correctly send the encrypted, signed email
  ◦ Seven users encrypted emails with their own public keys
  ◦ Another user generated new key pairs for all the other users and tried to encrypt email with those keys
o Three users (25%) accidentally emailed the secret message to the other team members without encryption
o Lots of challenges with key management

Page 9

Usable Security Research Examples

o Johnny 2 (SOUPS 2005)
  ◦ Applied automatic key management to S/MIME email
o A usability study and critique of two password managers (USENIX Security 2006)
  ◦ Major usability issues discovered
  ◦ Usability issues led to insecurity
  ◦ Most significant problems arose from poor mental models
o Social Phishing (CACM 2007)
  ◦ User study that launched a real phishing attack against Indiana University students using social network contact information (71% success rate)

Page 10

Usable Security Research Examples

o What makes users refuse web single sign-on? An empirical investigation of OpenID (SOUPS 2011)
  ◦ Identified challenges and concerns users face when using OpenID
  ◦ Many users (71%) had an incorrect mental model of how the system worked
  ◦ Identified changes in the login flow that improve user acceptance
o Helping Johnny 2.0 Encrypt his Facebook conversations (SOUPS 2012)
  ◦ Automatic key management and encryption
  ◦ Hypothesized that users may not trust transparent encryption

Page 11

Research Methods

o Approaches from Human Computer Interaction (HCI)
o Surveys
  ◦ Likert-scale questions
o Laboratory usability studies
  ◦ Task-based
  ◦ Difficult to draw conclusions from trust decisions in a laboratory environment
o Amazon Mechanical Turk
  ◦ Cost-effective way to run large-scale user studies
o Ethical and privacy issues
  ◦ Academic user studies need university review board approval

Page 12

Metrics - System Usability Scale

o System Usability Scale (SUS) [Brooke 1996]
o Ten questions using a 5-point Likert scale
  ◦ Alternate negative and positive
  ◦ Calculation that provides a single number for usability
o Bangor compared scores for hundreds of systems

Page 13

SUS Questions

o I think that I would like to use this product frequently.
o I found the product unnecessarily complex.
o I thought the product was easy to use.
o I think that I would need the support of a technical person to be able to use this product.
o I found the various functions in the product were well integrated.
o I thought there was too much inconsistency in this product.
o I imagine that most people would learn to use this product very quickly.
o I found the product very awkward to use.
o I felt very confident using the product.
o I needed to learn a lot of things before I could get going with this product.
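The SUS calculation the slides refer to, as an added example (not code from the talk or from BYU's studies): the ten answers above are converted item by item, with the alternating polarity handled explicitly, and summed to the familiar 0..100 score. The three response sets are constructed for illustration and are not data from any of the studies on these slides.

```python
"""Scoring the System Usability Scale (SUS, Brooke 1996)."""
from statistics import mean, stdev

SUS_ITEMS = 10   # the ten statements listed above, each answered 1..5

def item_contributions(responses):
    """Convert raw 1..5 answers into a 0..4 contribution per item.

    Odd-numbered items are positive statements ("I thought the product was
    easy to use"), so a high answer is good: contribution = answer - 1.
    Even-numbered items are negative statements ("I found the product very
    awkward to use"), so a high answer is bad: contribution = 5 - answer.
    """
    if len(responses) != SUS_ITEMS:
        raise ValueError(f"SUS needs exactly {SUS_ITEMS} responses")
    out = []
    for i, r in enumerate(responses, start=1):
        if not (isinstance(r, int) and 1 <= r <= 5):
            raise ValueError(f"item {i}: response {r!r} is not on the 1..5 scale")
        out.append(r - 1 if i % 2 == 1 else 5 - r)
    return out

def sus_score(responses):
    """One participant's SUS score: sum of contributions (0..40) times 2.5."""
    return sum(item_contributions(responses)) * 2.5

def sus_summary(all_responses):
    """Mean and sample standard deviation of SUS across participants."""
    scores = [sus_score(r) for r in all_responses]
    return mean(scores), (stdev(scores) if len(scores) > 1 else 0.0)

# Constructed answers for three participants; not data from the studies.
EXAMPLE_RESPONSES = [
    [4, 2, 4, 1, 5, 2, 4, 2, 4, 1],
    [5, 1, 5, 2, 4, 1, 5, 1, 4, 2],
    [3, 3, 4, 2, 3, 2, 3, 3, 3, 2],
]

if __name__ == "__main__":
    for r in EXAMPLE_RESPONSES:
        print(item_contributions(r), sus_score(r))
    print("mean SUS = %.1f (sd %.1f)" % sus_summary(EXAMPLE_RESPONSES))
```

Keeping the per-item contributions around, not just the total, is what lets you see the effect the later slides describe: a participant who is enthusiastic about a security tool may still answer item 1 ("I would like to use this product frequently") low because encryption is not a daily task, and that single item pulls the score down. For reference, the mean SUS across the many systems Bangor and colleagues surveyed is about 68.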

Page 14

Usable Security for Single Sign-On

Page 15

Single Sign-on

[Figure: "Bob's in-memory password lookup table" – a grid of sites against weak, reused or forgotten passwords (password1, Password2, Password3, letmein, pwd12, qwer, asdf, Luke, Ducky, Zxcv, Lkjh, photos, "???") facing "The Internet"; caption: Password – Who do we trust?]

Page 16

Simple Authentication for the Web

o How can web sites offload user authentication all by themselves?
  ◦ They already do it as a secondary means of user authentication
o SAW's approach
  ◦ Improve the security and convenience of email-based password resets
  ◦ Use it as the primary authentication mechanism

Page 17

How SAW Works

Step 1:
  ◦ The user submits her email address
Step 2:
  ◦ If her address is authorized, a random secret is generated and split into two shares
Step 3:
  ◦ The user returns both tokens
  ◦ Manually: by clicking a link in the email
  ◦ Automatically: using the SAW toolbar

Tokens are:
• Short-lived
• Single-use

[Diagram: User, Web Site, User's Email Provider; the user opens with "I'm Alice"]

Example email:
From: [email protected]
To: [email protected]
Subject: [SAW-https://securecomm.org/login] ATemail=2fe32...

Click on the link below ONLY if you recently initiated a request to log in to https://securecomm.org/login:
https://securecomm.org/login?ATemail=2fe322492847eb5dea...
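The three steps above as runnable code, added here as an example; this is not the ISRL's SAW implementation. The flow (random secret split into two shares, one returned in the web response and one mailed, both required, short-lived and single-use) follows the slides; the XOR share split, the 128-bit share size, the five-minute lifetime, the in-memory pending table and the addresses are assumptions for illustration.

```python
"""SAW login flow: a random secret split into two shares, one returned in the
web response and one sent by email; the user must present both, and each
pair is short-lived and single-use."""
import hashlib
import hmac
import secrets
import time

SHARE_BYTES = 16          # assumption: 128-bit secret and shares
TOKEN_TTL_SECONDS = 300   # assumption: "short-lived" means five minutes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class SawSite:
    """The web site's side of SAW.  `send_email` stands in for the user's
    email provider; `now` is injectable so expiry can be exercised."""

    def __init__(self, authorized_emails, send_email, now=time.time):
        self.authorized = set(authorized_emails)
        self.send_email = send_email
        self.now = now
        self.pending = {}   # email -> (sha256(secret), expiry time)

    def begin_login(self, email, login_url):
        """Steps 1-2: the user submits her address; if it is authorized, a fresh
        secret is generated and split.  Returns the site share (AT_site) that
        goes back in the HTTP response; the email share (AT_email) is mailed."""
        if email not in self.authorized:
            # Answer with a random share anyway, so the login form cannot be
            # used to discover which addresses are authorized.
            return secrets.token_bytes(SHARE_BYTES).hex()
        secret = secrets.token_bytes(SHARE_BYTES)
        at_email = secrets.token_bytes(SHARE_BYTES)
        at_site = _xor(secret, at_email)        # secret = at_site XOR at_email
        self.pending[email] = (hashlib.sha256(secret).digest(),
                               self.now() + TOKEN_TTL_SECONDS)
        self.send_email(
            to=email,
            subject=f"[SAW-{login_url}] ATemail={at_email.hex()}",
            body=(f"Click on the link below ONLY if you recently initiated a "
                  f"request to log in to {login_url}:\n"
                  f"{login_url}?ATemail={at_email.hex()}"))
        return at_site.hex()

    def complete_login(self, email, at_site_hex, at_email_hex):
        """Step 3: the user returns both shares (by clicking the link, or via the
        toolbar).  Accepts once per begin_login, and only before expiry."""
        entry = self.pending.pop(email, None)   # single-use: consumed on any attempt
        if entry is None:
            return False
        secret_hash, expiry = entry
        if self.now() > expiry:
            return False
        try:
            at_site = bytes.fromhex(at_site_hex)
            at_email = bytes.fromhex(at_email_hex)
        except ValueError:
            return False
        if len(at_site) != SHARE_BYTES or len(at_email) != SHARE_BYTES:
            return False
        candidate = hashlib.sha256(_xor(at_site, at_email)).digest()
        return hmac.compare_digest(candidate, secret_hash)

def demo():
    """Alice logs in, then the checks that matter: replay, email-only attacker,
    expiry, and an unauthorized address.  Constructed addresses throughout."""
    clock = [1_000_000.0]                        # fake clock so expiry is testable
    outbox = []
    site = SawSite({"alice@example.org"}, send_email=lambda **m: outbox.append(m),
                   now=lambda: clock[0])
    url, alice = "https://securecomm.org/login", "alice@example.org"

    at_site = site.begin_login(alice, url)
    at_email = outbox[-1]["subject"].split("ATemail=")[1]
    first = site.complete_login(alice, at_site, at_email)          # accepted
    replay = site.complete_login(alice, at_site, at_email)         # single-use

    site.begin_login(alice, url)
    at_email = outbox[-1]["subject"].split("ATemail=")[1]
    email_only = site.complete_login(alice, "00" * SHARE_BYTES, at_email)

    at_site = site.begin_login(alice, url)
    at_email = outbox[-1]["subject"].split("ATemail=")[1]
    clock[0] += TOKEN_TTL_SECONDS + 1
    expired = site.complete_login(alice, at_site, at_email)

    stranger = site.begin_login("mallory@example.org", url)    # no mail sent
    return (first, replay, email_only, expired,
            len(outbox) == 3, len(stranger) == 2 * SHARE_BYTES)

if __name__ == "__main__":
    print(demo())
```

Two points worth noticing. Whoever reads the email alone (a mail admin, a forwarded copy) does not get a login, because the site share only ever travelled in the HTTP response to the browser that started the request; and because the pending entry is consumed on any attempt, a wrong guess at the site share cannot be retried. The scheme is still only as strong as the user's mailbox, which is exactly the "acceptable risk" argument on the next slide for sites that already reset passwords by email.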

Page 18

Benefits

o Unilateral deployment by web sites
  1. No specialized third party
  2. No client-side software
  3. Reuse existing user identifiers and authenticators external to the web site
o Acceptable risk for services that already rely on email-based password resets
o Advanced features
  ◦ Delegation and revocation through email forwarding rules
  ◦ Client-side auditing

Page 19

The Chicken and the Egg

o How do users authenticate to identity providers when they cannot directly communicate?
  ◦ Giving relying parties the plaintext password is not desirable
  ◦ Allowing an encrypted tunnel invites misuse and requires IP-level connectivity
  ◦ Forwarding several small messages of known composition offers a good compromise

[Diagram: User (U), Identity Provider (IDP), Wireless Access Point (RP); the user holds ID: Alice, PW: Peek-a-boo; the RP relays messages (Msg) between U and the IDP]

Page 20

Luau – High Level Idea

1. Use a strong password protocol to establish a mutually authenticated session key between the user and her identity provider
2. Use that key to facilitate SAW token distribution
3. Unify Web and wireless authentication

[Diagram: User (U), Identity Provider (IDP), Wireless Access Point (RP); Secure Remote Password (SRP) runs between U and the IDP]
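Steps 1 and 2 above in code, as an added example rather than the ISRL's Luau implementation: an SRP-6a handshake (RFC 5054 message flow, 1024-bit group from RFC 5054 Appendix A, SHA-256 in place of SHA-1, and the simplified proofs M1 = H(A | B | K), M2 = H(A | M1 | K)) between the user and her identity provider, after which the agreed key K is used to tag a SAW share so the user can tell it came from the IDP and not from the relaying access point. The user name, the password "Peek-a-boo" from the diagram, and the HMAC wrapping of the share are illustrative choices; the primality check is a sanity test a practitioner should run once on any group they paste in.

```python
"""SRP-6a (RFC 5054 flow) between a user U and her identity provider IDP, then
an HMAC under the agreed key K that binds a SAW share to the session."""
import hashlib
import hmac
import secrets

# 1024-bit group from RFC 5054, Appendix A (g = 2).  Larger groups are
# preferable in production; this one keeps the example fast.
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
        "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
        "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
        "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
NBYTES = (N.bit_length() + 7) // 8

def pad(x):
    """Fixed-width big-endian encoding; RFC 5054 hashes padded values."""
    return x.to_bytes(NBYTES, "big")

def H(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

k = H(pad(N), pad(g))   # SRP-6a multiplier

def is_probable_prime(n, rounds=16):
    """Miller-Rabin.  Check N (and (N-1)//2) once before trusting any group."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def private_x(username, password, salt):
    return H(salt, hashlib.sha256(f"{username}:{password}".encode()).digest())

def enroll(username, password):
    """IDP side at registration: keep (salt, verifier); the password never leaves U."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(username, password, salt), N)

def user_round1():
    a = secrets.randbelow(N - 2) + 1
    return a, pow(g, a, N)                         # U -> IDP: username, A

def idp_round1(verifier, A):
    if A % N == 0:
        raise ValueError("A is 0 mod N")           # mandatory abort (RFC 5054)
    b = secrets.randbelow(N - 2) + 1
    return b, (k * verifier + pow(g, b, N)) % N    # IDP -> U: salt, B

def user_key(username, password, salt, a, A, B):
    if B % N == 0:
        raise ValueError("B is 0 mod N")           # mandatory abort (RFC 5054)
    u = H(pad(A), pad(B))
    x = private_x(username, password, salt)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    return hashlib.sha256(pad(S)).digest()

def idp_key(verifier, b, A, B):
    u = H(pad(A), pad(B))
    S = pow((A * pow(verifier, u, N)) % N, b, N)
    return hashlib.sha256(pad(S)).digest()

def m1(A, B, K):   # U -> IDP: proof of K (simplified form of the RFC's M1)
    return hashlib.sha256(pad(A) + pad(B) + K).digest()

def m2(A, M1, K):  # IDP -> U: proof of K, sent only if M1 verified
    return hashlib.sha256(pad(A) + M1 + K).digest()

def handshake(username, password, salt, verifier):
    """Run both sides in one process.  Returns (idp_accepts, user_accepts, K_u, K_i)."""
    a, A = user_round1()
    b, B = idp_round1(verifier, A)
    K_u = user_key(username, password, salt, a, A, B)
    K_i = idp_key(verifier, b, A, B)
    M1 = m1(A, B, K_u)
    idp_ok = hmac.compare_digest(M1, m1(A, B, K_i))
    M2 = m2(A, M1, K_i) if idp_ok else b""
    user_ok = hmac.compare_digest(M2, m2(A, M1, K_u))
    return idp_ok, user_ok, K_u, K_i

def wrap_share(K, share):
    """Luau step 2: the IDP tags a SAW share with HMAC(K), so U knows it came
    from the party that proved knowledge of her verifier, not from the RP."""
    return share + hmac.new(K, share, hashlib.sha256).digest()

def unwrap_share(K, blob):
    share, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(K, share, hashlib.sha256).digest()):
        raise ValueError("share was not produced under this session key")
    return share
```

Every message here (A, salt and B, M1, M2, the tagged share) is a small value of known composition, which is what the previous slide asks for: the access point can relay them without ever seeing the password or gaining an open tunnel, and a wrong password shows up only as a failed proof, never as a plaintext it could inspect.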

Page 21

Future Directions

o Usability studies comparing SAW to OAuth, OpenID, and some recent proposals to replace passwords
o Untrusted Input Problem: password entry into web forms supplied by the server
  ◦ We advocate a move to password entry into the browser chrome or O/S in order to thwart password phishing attacks
  ◦ Train users to never enter credentials into a web page
  ◦ Users will still be vulnerable to social engineering
o If phishing attacks are thwarted, attackers will focus on the end points
  ◦ Usable solutions to key logging

Page 22

Confused Johnny: Usable Security for Webmail

Page 23

Confused Johnny

o E-mail encryption for the masses
o We developed a system maximizing usability
  ◦ Made everything transparent
o Johnny became confused
o Designed another system with manual encryption
  ◦ This helped Johnny gain clarity

Page 24

Encrypted E-mail

o Exists, but largely goes unused
o S/MIME, PGP
  ◦ Tools available
o "Why Johnny can't encrypt: A usability evaluation of PGP 5.0"
  ◦ Whitten and Tygar, 8th USENIX Security Symposium (1999)
  ◦ Later research confirmed the findings
o What can be done?

Page 25

Usability Issues

o Users resist change
  ◦ Users are using webmail
  ◦ If security is difficult, users will forgo it
o Key management is confusing
  ◦ Hierarchical, web-of-trust
  ◦ Recipient must already have a key
  ◦ Chicken and egg problem
o Cryptography is complicated
  ◦ Unclear which properties are provided
  ◦ Unclear which properties are needed

Page 26

Private Webmail (Pwm)

o Pronounced "Poem"
o Adds end-to-end encryption to existing webmail systems
  ◦ Gmail, Hotmail, Yahoo! Mail
  ◦ Runs on all modern browsers
o Designed to maximize usability
o Provides good-enough security
  ◦ An improvement for those already sending sensitive e-mail

Page 27

Security Overlay

o Security overlay
  ◦ Integrates tightly with existing webmail systems
  ◦ Users do not need to learn yet-another-system
o Tightly integrates with existing systems
  ◦ Replaces small portions of the interface
  ◦ Displayed using iFrames
o Functionally transparent
  ◦ Low barrier to adoption
o Visually distinctive
  ◦ Easy to identify

Page 28

Usability Fixes

o Users resist change
  ◦ Focus on bootstrapping first-time users
  ◦ Helpful instructions in e-mail
  ◦ Bookmarklet-based installation
o Key management is confusing
  ◦ Key escrow based on IBE
  ◦ Simple Authentication for the Web (EBIA: email-based identification and authentication)
  ◦ No user interaction required
o Cryptography is complicated
  ◦ Encryption is automatically handled by Pwm
  ◦ Users never interact with ciphertext

Pages 29-33

Pwm: Walkthrough (screenshot slides; no transcript text)

Page 34

Pwm User Studies

o Two studies
o First study measured the usability of Pwm
  ◦ Also evaluated bookmarklets for use during installation
o Second study compared Pwm to Voltage Secure Mail Cloud
  ◦ Voltage Secure Mail Cloud is an existing depot-based secure email system
  ◦ Pwm was run using a browser extension
o Evaluation
  ◦ Pre- and post-survey questionnaire
  ◦ Monitored participants' actions for unrecognized mistakes
  ◦ Post-survey interviews

Pages 35-36

SUS Score Comparison

[Chart: SUS scores 76, 71, 63 (bar values only; the system labels are not in the transcript)]

Page 37

Success?

o Results are very promising
  ◦ Very positive reception
  ◦ Users indicated they wanted to begin using it
o Not without problems
o A small number sent e-mail without encryption
o Participants were confused about security
  ◦ Wanted to see more details
  ◦ Unsure of who could read e-mails

Page 38

Where to go from here?

o The simple solution was to fix the UI issues
o One student (Nathan Kim) had a different idea
  ◦ Manual encryption
  ◦ Decoupled interface
o Mocked up these ideas
  ◦ Message Protector (MP)
  ◦ Simple interface
  ◦ Direct handling of ciphertext
  ◦ Implied key management

Pages 39-42

MP: Walkthrough (screenshot slides; no transcript text)

Page 43

First MP User Study

o Evaluated MP using SUS
o Compared against Encipher.it
  ◦ Bookmarklet-based encryption system
  ◦ Works in Gmail and Facebook
o Evaluation
  ◦ Pre- and post-survey questionnaire
  ◦ Monitored participants' actions for unrecognized mistakes
  ◦ Post-survey interviews
  ◦ The System Usability Scale
o Evaluated comprehension
  ◦ Survey included questions about comprehension
  ◦ How to use the system
  ◦ Who could read messages

Page 44

[Chart: SUS scores 61, 72 (bar values only; the system labels are not in the transcript)]

Second MP User Studyo Surprising usability results

◦ Participants had a positive reaction to seeing ciphertext◦ Similar SUS score to MP

oRan a second study comparing MP to Pwm◦ Modeled after the first MP study

Pages 46-47

SUS Score Comparison

[Chart: SUS scores 76, 74 (bar values only; the system labels are not in the transcript)]

Page 48

Other results

o MP improved users' comprehension
  ◦ Clearly understood how to use the system
  ◦ Clearly understood who could read messages
o Usability scores nearly identical to Pwm
o Participants preferred MP's manual encryption
o Participants preferred Pwm's tight integration

Page 49

Study limitations

o MP studies ignore bootstrapping new users
  ◦ Studies assumed the software was pre-installed
  ◦ Bootstrapping is a key component of Pwm's design
  ◦ Not fully representative of overall usability
o Short-term studies
o SUS question unclear
  ◦ "I think that I would like to use this system frequently."
  ◦ Participants rated it low even when enthusiastic about the system
  ◦ Relevant to security studies

Page 50

Review

o Pwm was a success
  ◦ Participants largely succeeded at using encrypted e-mail
  ◦ Participants had high praise for Pwm
  ◦ Succeeded in being easy for new users
o Pwm wasn't perfect
  ◦ Security was too transparent
  ◦ Caused users to be confused and make mistakes
o Mocked up a system using manual encryption
  ◦ Users enjoyed manual encryption
  ◦ Wished it were tightly integrated with the browser
o A combination of approaches is needed to solve the problem

Page 51

Future Work

o Manual encryption in Pwm
  ◦ Don't automatically send encrypted email
  ◦ "Encrypt" button which puts ciphertext in the compose window
o Sidebar
  ◦ Browser sidebar allowing for manual encryption
  ◦ Can be used on any site
  ◦ Fallback for when Pwm has an error
o Long-term studies
  ◦ Larger populations
  ◦ Real tasks

Page 52

Lessons Learned

o Usability is a key factor in security software
o Users have expectations about how security works
  ◦ What needs to be exposed?
  ◦ It can impact trust
o There are tradeoffs
  ◦ Usability vs. security
  ◦ Transparency vs. control
  ◦ No one solution does everything
o Research needs to focus on real-world use cases
  ◦ Collaboration with industry

Page 53

Questions?