Security and Privacy in the Digital Age

Sergio Caltagirone
University of Idaho
3/30/04
Human/Computer Interaction
Introduction to Security
• Three Components of Security
– Availability
– Integrity
– Confidentiality
Contemporary Security Threats
• Availability
– Denial of Service Attacks (and distributed)
• Integrity
– Man in the middle attacks
• Confidentiality
– Data mining
– Snooping (eavesdropping)
Security and HCI
• Examining end-user interfaces in security systems
– How many unsuccessful login attempts
– Best way for user to authenticate themselves
• Challenge question, password, biometrics
– Design interface to set privacy preferences
– Design interface for security tools
• Data Mining
– How users can aggregate data from a number of sources
Solutions
• “Transparency” – make security invisible
• Task allocation – current authentication requires too much user memorization
– Biometrics, graphical passwords
• Visualization can be used in network defense applications
• Readjust user valuation of trustworthiness
• Explanation at decision points must be user-understandable
• Greater formal analysis of data mining
Current State of Security and HCI
• Workshop on integrating HCI and Security
– CHI 2003 (Ft. Lauderdale)
• NSA recently added HCI to list of necessary research