Line of Trust Seminar Presentation

A project talk for https://tlseminar.github.io/

Sam Havron

May 02, 2017

Transcript

  1. CLIENT UI IMPROVING WEB BROWSER

  2. CLIENT UI MOTIVATION Trusted UI Authentication Identity Validation

  3. MOTIVATION … TRUSTED UI

  4. TRUSTED UI Trust is pixel-thin All your zones are belong to us AND THAT’S NOT ALL…

  5. CLIENT UI MOTIVATION Trusted UI Authentication Identity Validation

  6. MOTIVATION IDENTITY VALIDATION Who are we talking to? How are we talking? Where are we? Our stuff Settings Menu Security category The steering wheel IDENTITY NAVIGATION SECURITY SECURITY USER-DEFINED CONFIGURATION NAVIGATION TOO MUCH?

  7. CLIENT UI MOTIVATION Trusted UI Authentication Identity Validation

  8. STORY TIME THIS IS BOB

  9. LINE OF TRUST PICTURE-IN-PICTURE

  10. LINE OF TRUST VERIFICATION ENGINE

  11. LINE OF TRUST ACTIVE SECURITY INDICATORS TRUST ME

  12. LINE OF TRUST ACTIVE SECURITY SPOOFING TRUST ME ALWAYS UNSAFE NOW YOU'RE SAFE ▸ Active INsecurity

  13. LINE OF TRUST SPOOFGUARD

  14. LINE OF TRUST GUARDROID

  15. LINE OF TRUST BUILT-IN BROWSER ALERTS But is this enough to catch the attention of a desensitized user?

  16. LINE OF TRUST bob ************ But if this page was spoofed, would Bob be sufficiently suspicious of being asked to manually enter his password? PASSWORD MANAGERS The heroes no one expected

  17. LINE OF TRUST INVISIBLE SECURITY ▸ Make it "just work" invisibly, make security/privacy understandable (visible and intuitive), train the user, a combination of these

  18. LINE OF TRUST USER STUDY ▸ How do we answer these questions? Through user studies ▸ User studies are the gold standard for evaluating user interfaces ▸ Motivate potential of research area

  19. CONCLUDING THOUGHTS WHAT ELSE? Computer Vision UI Redesign Simple Idea? Easy to adopt?

  20. CONCLUDING THOUGHTS UI REDESIGN Who are we talking to? How are we talking? Where are we? Our stuff Settings Menu Security category The steering wheel IDENTITY NAVIGATION SECURITY SECURITY USER-DEFINED CONFIGURATION NAVIGATION

  21. CONCLUDING THOUGHTS GOAL: SECURITY OBJECTIVES - Send encrypted data - Distribute Keys - Authenticate What should a properly-designed web UI guarantee? - Minimal false positives - Understand Intent - Authenticate website.com

  22. QUESTIONS?