1 Secure Interaction Design Kami Vaniea. 2 Overview Designing secure interfaces Design principles...


Secure Interaction Design

Kami Vaniea


Overview

Designing secure interfaces
- Design principles

Firefox extensions
- Cookies
- Phishing
- Tracking


Overview

Designing secure interfaces
- Design principles

Firefox extensions
- Petname
- Add N Edit Cookies
- Cookie Culler
- Cookie Button
- Distrust
- X Paranoia


Secure Interaction Design

Designing a computer system to protect the interests of its legitimate user


Problems

- Viruses
- Spyware
- Phishing
- Online tracking
- Unintentional disclosure of information


Mental Models

For software to protect its users’ interests, its behavior should be consistent with the user’s expectations.

- What the user thinks is happening
- What is shown in the interface
- What is really happening


Designation vs. Admonition

Security by designation
- When a user designates an action, take appropriate security-related actions
  - Double-clicking a Word document

Security by admonition
- Provide notifications that the user looks at and takes appropriate action from
  - Display a warning when the user tries to do something dangerous


Design Principles

- Know your audience
- Think like your audience
- Eliminate clutter
- Eliminate complexity
- Create just enough feedback
- Be a customer advocate when usability and competitive pressure collide


Know Your Audience

- Who are they?
- What skills do they have?
- If you don’t know who they are you can’t think like them
- If your product doesn’t match your audience then it will not do as well as it could have


Think Like Your Audience

Present your design to other people to get feedback

Think of a representative of your audience and design for them
- Could my mother use this?


Eliminate Clutter

Think about the tasks the user needs to perform

If a word or button is not necessary to those tasks then remove it


Eliminate Complexity

Again, what are the tasks the user needs to perform?

Does your design allow them to complete these tasks in the simplest manner?

Design for the common tasks; don’t sacrifice usability of common tasks for usability of rare or unlikely tasks


Create Just Enough Feedback

- Users just want it to work
- If it can be done safely without their involvement, do it
- They want to be reassured it is working in unobtrusive ways


Be a Customer Advocate When Usability and Competitive Pressure Collide

- It’s your job to make sure that customers don’t suffer from poor design
- Be willing to compromise with developers if it gets a better interface


Questions


Overview

Designing secure interfaces
- Design principles

Firefox extensions
- Petname
- Add N Edit Cookies
- Cookie Culler
- Cookie Button
- Distrust
- X Paranoia


Firefox

A free web browser

“Browse the Web with confidence - Firefox protects you from viruses, spyware and pop-ups. Enjoy improvements to performance, ease of use and privacy.” [3]

www.getfirefox.com


Firefox Extensions

“Extensions are small add-ons that add new functionality to Firefox. They can add anything from a toolbar button to a completely new feature. They allow the application to be customized to fit the personal needs of each user if they need additional features, while keeping Firefox small to download.” [2]


Anti-Paranoia

Takes all your doubts and gives you confidence.

Especially if you are working on security, you might get the feeling that you’re part of something really big and maybe even evil.

How can your extension help me? It will pop up calmative messages for you to feel relaxed while browsing the web.

No, this extension will not spy and destroy your personal data, remember: Everything is good!


Petname

“Need help avoiding phishing and spoofing attacks? The petname tool can help you avoid online fraud by clearly distinguishing your online relationships.

Using the petname tool, you can save a reminder note about a relationship you have with a secure site. The petname tool will then automatically display this reminder note every time you visit the site. After following a hyperlink, you need only check that the expected reminder note is being displayed. If so, you can be sure you are using the same site you have in the past.” [1]
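Added example (not from the slides and not the Petname extension's own code): a sketch of the check the description implies, showing why a look-alike link gets no reminder note. Binding notes to the HTTPS origin, the class and method names, and the placeholder strings are assumptions; the sample sites are constructed.

```javascript
// Added example: petname store keyed on the HTTPS origin (an assumption; the
// slides do not say which site identity the real extension binds notes to).
class PetnameStore {
  constructor() {
    this.notes = new Map(); // origin -> reminder note
  }

  // Reduce a URL to the identity a note is bound to, or null when the page is
  // not a secure site. new URL() lowercases the host, converts IDNs to
  // punycode and separates userinfo from the real host.
  static siteKey(rawUrl) {
    let u;
    try {
      u = new URL(rawUrl);
    } catch (e) {
      return null;
    }
    return u.protocol === "https:" ? u.origin : null;
  }

  // The user saves a note for the site they are currently on.
  assign(rawUrl, note) {
    const key = PetnameStore.siteKey(rawUrl);
    if (key === null) throw new Error("petnames are only kept for HTTPS sites");
    this.notes.set(key, note);
  }

  // Run on every navigation; the return value is what the toolbar shows.
  display(rawUrl) {
    const key = PetnameStore.siteKey(rawUrl);
    if (key === null) return "(insecure page)";
    return this.notes.has(key) ? this.notes.get(key) : "(untrusted)";
  }
}

// Constructed sample data: one saved relationship, then several link targets.
const store = new PetnameStore();
store.assign("https://www.bank.example/login", "My bank");

const visits = [
  "https://WWW.BANK.EXAMPLE/account",         // same site: note shown
  "https://www.bank.example.evil.test/login", // real name as a subdomain
  "https://www.bank.example@evil.test/login", // real name as userinfo
  "https://www.b\u0430nk.example/login",      // Cyrillic "a" look-alike
  "http://www.bank.example/login",            // right name, no TLS
];
for (const v of visits) console.log(store.display(v).padEnd(16), v);
```

Only the first visit shows "My bank"; every other target resolves to a different identity, so the expected note is missing.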


Cookies

A cookie is a small file downloaded by your web browser that is used to identify you to a website.


Cookie Examples

Doubleclick.com: id 80000060da01136 doubleclick.net/ 102432379712029957155287164811229736878*

Sun: SUN_ID 128.2.141.103:49701134167353 sun.com/ 153624479276803122654586416876829752592*


Cookies

Convenient
- Automatic login
- Personalization
- Session information

Not so Good
- Usage tracking
- Targeted ads
- Unwanted logins


Firefox Cookie Settings


Add N Edit Cookies

Cookie Editor that allows you to add and edit "session" and saved cookies.


Design Principles

- Know your audience
- Think like your audience
- Eliminate clutter
- Eliminate complexity
- Create just enough feedback
- Be a customer advocate when usability and competitive pressure collide


Cookie Culler

Extended Cookie Manager--protect/unprotect selected cookies


Cookie Button in the Status Bar

Button for easy access to cookie permissions in the status bar. For those who have been asking for cookie button in the status bar.


Distrust

Hide surfing trails that the browser leaves behind. AKA Private Browsing. Once turned on, this extension monitors Firefox for its activities. Once turned off, Distrust will remove history items, cache and cookies that were used during the distrust session.


X Paranoia

Adds a paranoia button to the toolbar (clear your history, saved form information, passwords, download history, cookies, and/or cache with as little as two clicks).


Design Principles

- Know your audience
- Think like your audience
- Eliminate clutter
- Eliminate complexity
- Create just enough feedback
- Be a customer advocate when usability and competitive pressure collide


Bibliography

1. Petname Firefox Extension: https://addons.mozilla.org/extensions/moreinfo.php?id=957&application=firefox

2. Firefox Extensions: https://addons.mozilla.org/extensions/?application=firefox

3. Firefox: http://www.mozilla.com/firefox/