ITIS 6010/8010 Privacy and Security: an HCI Perspective

1
ITIS 6010/8010Privacy and Securityan HCI
Perspective

• Dr. Heather Richter Lipford
• richter_at_uncc.edu

2
Unusable security privacy

• Unpatched Windows machines compromised in minutes
• Phishing web sites increasing by 28 each month
• Most PCs infected with spyware (avg. 25)
• Users have more passwords than they can remember
  and practice poor password security
• Enterprises store confidential information on
  laptops and mobile devices that are frequently
  lost or stolen

Slides from Lorrie Cranor, CMU
3
Whats the problem?

• Why cant security just work?
• How many of you have
• had a virus?
• spyware or malware?
• trouble with spam?
• dad private information stolen?
• known someone who fell for phishing?

4
security/privacy researchers and system
developers
human computer interaction researchers and
usability professionals
5
Grand Challenge

• Give end-users security controls they can
  understandand privacy they can control forthe
  dynamic, pervasive computing environments of the
  future.
• - Computing Research Association 2003

6
Agenda

• Course Overview
• Introductions discussion
• HCI Overview
• Ethics

7
Course Information

• Book
• Security and Usability, eds. Cranor Garfinkel
• Web
• http//www.sis.uncc.edu/richter/classes/2007/6010
  /index.html
• Overview
• Grading and Policies
• Syllabus and Lectures
• Assignments
• Swiki

8
Course Information

• Grading
• Class Participation 10 points
• Reading summaries and assignments 20 points
• Exam 20 points
• Class project 50 points
• 8010 only
• Research topic 20 points

9
Reading summaries

• One paragraph per chapter or paper
• Summarizing important points of that reading
• One question or discussion point
• Post on Swiki by 6pm Tuesday

10
Group project

• 3-4 people per group
• Preliminary user study of privacy or security
  application, mechanism, or concerns
• Deliverables
• Idea
• Initial plan 5 points
• Plan 20 points
• Report 20 points
• Presentation 5 points

11
Project Ideas

• Start with a question or problem
• Why dont more people encrypt their emails?
• How well does product X work for task Y?
• What personal information do people expect to be
  protected?
• Flip through chapters in the book papers
• Follow up on existing study
• Examine your own product/research/idea
• Examine something you currently find frustrating,
  interesting, etc.

12
Course Aims

• Consciousness raising
• Make you aware of HCI issues related to privacy
  and security
• Learn some existing HCI results pertaining to
  privacy and security solutions
• Design critic
• Recognize question bad HCI design in privacy
  and security
• Improve your HCI design evaluation skills in
  the domain of privacy and security

13
Course Overview

• HCI Overview
• Process, methods
• Usability studies
• Privacy Security overview
• Issues relating to
• Authentication
• Secure communication
• Semantic attacks
• Web privacy and security
• Mobile and ubiquitous computing
• Security administrators

14
How to do well

• Time and effort
• Do the reading and prepare for class
• Attend class and participate
• Spend time on project
• Attention to detail
• Communication
• Tell me what you learned and why you made
  decisions

15
Introductions Dr. Heather Richter Lipford

• Ph.D. in C.S. from Georgia Tech in May 2005
• HCI, Ubiquitous Computing, and Software
  Engineering focus
• Contact info
• richter_at_uncc.edu (preferred)
• 704-687-8376
• Office 305E Woodward
• Office Hours
• Thursday 5-6pm
• By appointment

16
Introductions my recent project

• Sharing and privacy in online social networking
  communities (Facebook)
• 10s of millions of users of such sites
• Concern over making too much information publicly
  available
• Little privacy usage on these sites
• How can we allow users to safely share
  information and still maintain desired levels of
  privacy?

17
Introductions Your Turn

• Name, student status, specialization
• Previous HCI/interface experience?
• Previous security/privacy experience?
• What you hope to get from this course?

18
First discussion

• Worst system youve had to interact with?
• What factors made it hard to use?

19
Discussion, cont.

• What is an example of a good UI?
• What makes it good?

20
How do users stay safe online?
21
(No Transcript)
22
Discussion, cont.

• What are applications/UIs that you have used
  related to security and privacy?
• What are your experiences (good bad) in using
  them?

23
Secondary task

• After installing all that privacy and security
  software
• do you have any time left to get work done?

24
Human Computer Interaction

• HCI in a nutshell or as much as can fit in 80
  minutes.

25
Human-Computer Interaction (HCI)

• Human
• the end-user of a program
• the others in the organization

• Computer
• the machine the program runs on
• clients servers, PDAs, cars, microwaves

• Interaction
• the user tells the computer what they want
  (input)
• the computer communicates results (output)

Slides from Jason Hong, CMU
26
HCI

• Basic definition
• The interaction and interface between a human and
  a computer performing a task
• What tasks? Write a document, calculate monthly
  budget, learn about places to live in Charlotte,
  drive home
• Tasks might be work, play, learning,
  communicating, etc. etc.
• Is security one of these tasks?

27
Why is HCI Important?

• Major part of work for real programs (50)
• Bad user interfaces cost
• money (reduced profits, call centers)
• WiFi Alliance 30 of WiFi boxes returned
• reputation of organization (e.g., brand loyalty)
• time (wasted effort and energy by users, rework)
• lives (Therac-25)

28
Why is HCI Important?

• Privacy and Security
• phishing scams
• accidental disclosures (ex. location info,
  cookies)
• difficulty diagnosing the situation (intrusion
  detection)
• intentionally circumventing security mechanisms

29
Famous Quotations

• It is easy to make things hard. It is hard to
  make things easy. Al Chapanis, 1982
• User interfaces hard to get right
• People are unpredictable, difficult to deeply
  analyze
• Intuition of designers often wrong
• Cost or features may be considered over human
  factors
• Creativity is challenging!

30
Usability

• Important issue
• Combination of
• Ease of learning
• High speed of user task performance
• Low user error rate
• Subjective user satisfaction
• User retention over time

31
UI Design / Develop Process

• User-Centered Design
• Analyze users goals tasks
• Create design alternatives
• Prototype
• Evaluate
• Refine
• IMPLEMENT

32
Another take on process
scenariostask analysis
what iswanted
guidelines principles
analysis
interviews what is there vs. what is wanted
precisespecification
design
implement and deploy
dialoguenotations
evaluation heuristics
prototype
architectures documentation help
33
What is wanted Requirements

• User environmental characteristics
• Task analysis
• Desired features and goals
• Usability goals, success criteria

34
Know Thy Users!

• Physical cognitive abilities ( special needs)
• Personality culture
• Knowledge skills
• Motivation
• Two Fatal Mistakes
• Assume all users are alike
• Assume all users are like the designer

35
Finding out about users and their needs

• Learn about people
• Psychology, sociology, HCI research
• General understanding of human capabilities and
  behaviors
• Observe them
• Watch them doing relevant tasks
• Talk to them
• Interviews Focus groups
• Questionnaire (survey)
• Read about them
• manuals, other products, your own previous
  products

36
Describing users Persona
Name Patricia
Age 31
Occupation Sales Manager, IKEA Store
Hobbies Painting Fitness/biking Taking son Devon to the park
Likes Emailing friends family Surprises for her husband Talking on cell phone with friends Top 40 radio stations Eating Thai food Going to sleep late
Dislikes Slow service at checkout lines Smokers
37
Cant we just ask users what they want?

• Not familiar with what is possible with
  technology
• Not familiar with design constraints
• Budget, legacy code, time, etc
• Not familiar with good design
• Not familiar with security and privacy
• Sometimes users dont know what they want
• Ex. Remote controls
• Not able to understand assumptions behind their
  own behavior
• So we need to do deeper analysis

38
Task Analysis

• Process of analyzing and documenting how people
  perform their jobs or activities
• Task-subtask decomposition
• Focus on
• Activities
• Artifacts
• Relations
• Conditions and outcomes of tasks

39
Describing tasks Scenarios

• Its Friday afternoon and John just got paid. He
  wants to deposit his check immediately so he can
  pay his rent. He stops at one branch of his bank
  on the way home from work. He waits in his car
  while another person finishes using the ATM in
  front of the bank since it is drizzling outside.
  He walks up to the ATM to deposit his check.
  Only, as he is about to put the check into the
  envelope at the ATM, he realizes that he has not
  signed the back of it, and he has no pen and can
  not find one on or near the ATM machine. He
  cancels the transaction on the ATM, and enters
  the bank, which luckily is still open for 5 more
  minutes. He goes to the counter, finds a pen, and
  signs his check. He also fills out a deposit
  slip. He then waits to see a teller in person to
  deposit his check, and get money for the weekend.

40
Usability Requirements

• Usability goals such as learnability,
  consistency, robustness, etc.
• Ways to measure and judge success
• Time to complete key tasks - min, max
• Time to become proficient - do given set of tasks
  in given time
• Subjective satisfaction

41
In-class example

• Firewall product for a home with multiple
  computers on one wireless network.
• User characteristics
• Environmental characteristis (physical,
  technical, social)
• Tasks involved
• Usability criteria

42
The process
scenariostask analysis
what iswanted
guidelines principles
analysis
interviews what is there vs. what is wanted
precisespecification
design
implement and deploy
dialoguenotations
evaluation heuristics
prototype
architectures documentation help
43
What is design?

• Achieving goals within constraints
• A design is a simplified representation of the
  desired artifact
• text description of tasks
• screen sketches or storyboards
• flow diagrams / outline showingtask structure
• executable prototypes

44
Four Myths about Good Design

• Myth 1 Only experts create good designs
• experts faster, simple and effective techniques
  anyone can apply
• Myth 2 We can fix the user interface at the end
• good design is more than just user interface
• having right features, building those features
  right
• Myth 3 Good design takes too long / costs too
  much
• simple and effective techniques that can reduce
  total development time cost (finds problems
  early on)
• Myth 4 Good design is just cool graphics
• graphics part of bigger picture of what to
  communicate how

45
Design Guidelines Principles

• Conceptual models
• Affordances
• Visibility
• Mapping
• Feedback
• Constraints

46
Conceptual Models

• Mental representation of how object works and
  how interface controls affect it
• People may have preconceived models that are
  hard to change
• (4 5) vs. (4 5 )
• dragging to trash?
• delete file but eject disk
• Designer can help user foster an appropriate
  conceptual model
• Appearance, instructions, behavior...

47
Refrigerator
freezer
fresh food

• Problem freezer too cold, but fresh food just
  right

48
Refrigerator Controls
Normal Settings C and 5 Colder Fresh Food C and
6-7 Coldest Fresh Food B and 8-9 Colder
Freezer D and 7-8 Warmer Fresh Food C and
4-1 OFF (both) 0

• What is your conceptual model?

49
A Common Conceptual Model
cooling unit
cooling unit

• independent controls

50
Actual Conceptual Model
cooling unit

• Now can you fix the problem?
• Possible solutions
• make controls map to users model
• make controls map to actual system

51
Conceptual Model Mismatch

• Mismatch between designers and users conceptual
  model leads to
• Slow performance
• Errors
• And inability to recover
• Frustration
• ...

52
Affordances

• Perceived and actual properties of an object that
  suggest how it could be used
• Chair is for sitting
• Button is for pushing
• Door handle is for .
• Scroll arrow is for
• Icon is for
• Interfaces have perceived affordances
• Learned conventions of arbitrary mappings between
  action and effect at the interface

53
Visibility

• When functionality is hidden, problems in use
  occur
• Occurs when number of functions is greater than
  number of controls
• When capabilities are visible, it does not
  require memory of how to use

54
Feedback

• Sending information back to the user about what
  has been done
• Includes sound, highlighting, animation and
  combinations of these
• e.g. when screen button clicked on provides sound
  or red highlight feedback

ccclichhk
55
Mapping

• Which controls which?

56
Which is better?
or
57
Notorious Example
58
Constraints

• Limitations on what can be done
• Physical - keys
• Semantic - menu graying
• Cultural - Colors
• Logical - When all above dont apply
• What if we had to remember which side of the plug
  was the large one?

59
Constraints
60
Other Types of Guidelines

• Error prevention
• Error recovery
• Aesthetics minimalist design
• Consistency
• Flexibility

61
The process
scenariostask analysis
what iswanted
guidelines principles
analysis
interviews ethnography what is there vs. what is
wanted
precisespecification
design
implement and deploy
dialoguenotations
evaluation heuristics
prototype
architectures documentation help
62
Express designs Prototyping

• Expressing design ideas
• Make it fast!!!
• Allow lots of flexibility for radically different
  designs
• Make it cheap
• Promote valuable feedback
• Facilitate iterative design and evaluation

63
Prototypes

• Mockup
• Storyboard
• Sketches
• Scenarios
• Screenshots
• Limited functionality GUI interface

64
Fidelity in Prototyping

• Fidelity level of detail
• High fidelity
• prototype looks like the final product
• Low fidelity
• artists rendition with many details missing
• Amount of polish should reflect maturity of the
  prototype

65
Comparisons

• Informal visual representation
• communicates unfinished
• encourages creativity
• faster to create
• higher-level feedback

• Formal visual representation
• communicates finished
• inhibits creativity (detailing)
• slower to create
• Low-level feedback

66
Paper Prototyping

• Use paper to represent entire interface and a
  human to play the computer
• Draw a window frame on large paper
• Put different screen regions on cards or post-its
• anything that moves, changes, appears/disappears
• Ready response for any user action
• e.g., have those pull-down menus already made
• Use transparencies for user input
• Use photocopier to make many versions

Paper Prototyping by Carolyn Snyder http//www.pap
erprototyping.com/
67
The process
scenariostask analysis
what iswanted
guidelines principles
analysis
interviews what is there vs. what is wanted
precisespecification
design
implement and deploy
dialoguenotations
evaluation heuristics
prototype
architectures documentation help
68
When to do evaluation?

• Summative
• assess an existing system
• judge if it meets some criteria
• Formative
• assess a system being designed
• gather input to inform design
• Which you do depends on maturity of prototypes
  and goals of evaluation
• Same techniques work for both

69
Evaluation techniques

• Feedback from experts
• Discount usability techniques heuristic
  evaluation, cognitive walkthrough
• Observe users
• Think-aloud Cooperative evaluation
• Talk to users
• Interviews Focus groups
• Survey users
• Questionnaires
• Test hypotheses
• Experiments

70
Typical User Study

• Bring participants into a controlled setting
  (lab)
• Introductions and consent
• Gather demographic data and give instructions
• Ask participant to do a set of tasks
• Prototype can be simulated or partially
  functional
• Observe and record behavior
• Ask participant for feedback about interface

71
Many variations

• Show or demonstrate mockup, storyboard,
  screenshots and gather feedback
• Observe or gather data about behavior in a
  natural setting
• Can be multiple sessions or just one

72
Evaluation planning

• Decide on techniques, tasks, materials
• What are usability criteria?
• How much required authenticity?
• How many people, how long
• How to record data, how to analyze data
• Prepare materials interfaces, storyboards,
  questionnaires, etc.
• Pilot the entire evaluation
• Test all materials, tasks, questionnaires, etc.
• Find and fix the problems with wording,
  assumptions
• Get good feel for length of study

73
General Recommendations

• Clearly identify evaluation goals
• Include both objective subjective data
• e.g. completion time and preference
• Use multiple measures, within a type
• e.g. reaction time and accuracy
• Use quantitative measures where possible
• e.g. preference score (on a scale of 1-7)
• Note Only gather the data required do so with
  minimum interruption, hassle, time, etc.

74
Performing the Study

• Be well prepared so participants time is not
  wasted
• Describe the purpose of the evaluation
• Im testing the product Im not testing you
• Explain procedures without compromising results
• Session should not be too long , subject can quit
  anytime
• Never express displeasure or anger
• Data to be stored anonymously, securely, and/or
  destroyed

75
Consent

• Why important?
• People can be sensitive about this process and
  issues
• Errors will likely be made, participant may feel
  inadequate
• May be mentally or physically strenuous
• What are the potential risks (there are always
  risks)?
• Vulnerable populations need special care
  consideration
• Children disabled pregnant students (why?)
• More later on IRB

76
Now what do you do?

• Start just looking at the data
• Were there outliers, people who fell asleep,
  anyone who tried to mess up the study, etc.?
• Sort prioritize the data
• Identify summarize issues
• Overall, how did people do?
• 5 Ws (Where, what, why, when, and for whom
  were the problems?)
• Compile aggregate results and descriptive
  statistics

77
Making Conclusions

• Where did you meet your criteria? Where didnt
  you?
• What were the problems? How serious are these
  problems?
• What design changes should be made?
• Update task analysis, scenarios, etc.
• Prioritize and plan changes to the design
• Modify prototypes and go again

78
Experiments

• A controlled way to determine impact of design
  parameters on user experience
• Want results to eliminate possiblity of chance
• Hypothesis What you predict will happen
• More specifically, the way you predict the
  dependent variable (i.e., accuracy) will depend
  on the independent variable(s)

79
Types of Variables

• Independent
• What youre studying, what you intentionally vary
  (e.g., interface feature, interaction device,
  selection technique)
• Dependent
• Performance measures you record or examine (e.g.,
  time, number of errors)
• Controlled
• Factors you want to prevent from influencing
  results

80
Controlling Variables

• Prevent a variable from affecting the results in
  any systematic way
• Methods of controlling for a variable
• Dont allow it to vary
• e.g., all males
• Allow it to vary randomly
• e.g., randomly assign participants to different
  groups
• Counterbalance - systematically vary it
• e.g., equal number of males, females in each
  group
• The appropriate option depends on circumstances

81
Example

• Do people complete operations faster with a
  black-and-white display or a color one?
• Independent - display type (color or b/w)
• Dependent - time to complete task (minutes)
• Controlled variables - same number of males and
  females in each group
• Hypothesis Time to complete the task will be
  shorter for users with color display
• Ho Timecolor Timeb/w

82
Experimental Designs

• Within Subjects Design
• Every participant provides a score for all levels
  or conditions

Color
B/W P1 12 secs. 17
secs. P2 19 secs. 15
secs. P3 13 secs. 21
secs. ...
83
Experimental Designs

• Between Subjects
• Each participant provides results for only one
  condition

Color B/W P1 12 secs.
P2 17 secs. P3 19 secs. P5
15 secs. P4 13 secs. P6 21 secs. ...
84
Comparison

• Within subjects
• More efficient fewer trials and participants
• But need to avoid order effects
• e.g. seeing color then b/w may be different from
  seeing b/w then color
• Between subjects
• Simpler design analysis because fewer order
  effects
• Often shorter, so easier to recruit participant
• More subjects for same statistical power

85
Hypothesis Testing

• Tests to determine differences
• t-test to compare two means
• ANOVA (Analysis of Variance) to compare several
  means
• Need to determine statistical significance
• Significance level (p)
• The probability that your null hypothesis was
  wrong, simply by chance
• p (alpha level) is often set at 0.05, or 5 of
  the time youll get the result you saw, just by
  chance

86
Discount Evaluation Techniques

• Basis
• Observing users can be time-consuming and
  expensive
• Try to predict usability rather than observing it
  directly
• Conserve resources (quick low cost)

87
Approach - inspections

• Expert reviewers used
• HCI experts interact with system and try to find
  potential problems and give prescriptive feedback
• Best if
• Havent used earlier prototype
• Familiar with domain or task
• Understand user perspectives
• Does not require working system

88
Example Heuristic evaluation

• 3-5 experts in HCI view or interact with a
  prototype.
• May vary from mock-ups and storyboards to a
  working system
• They use high-level heuristics as guidelines, and
  identify any problems they see.
• Designers compile and summarize all the problems
  and iterate.
• Where to get heuristics?
• http//www.useit.com/papers/heuristic/
• http//www.asktog.com/basics/firstPrinciples.html

89
Heuristics

• use simple and natural dialog
• speak users language
• minimize memory load
• be consistent
• provide feedback

• provide clearly marked exits
• provide shortcuts
• provide good error messages
• prevent errors

90
Cognitive Walkthrough

• Assess learnability and usability through
  simulation of way novice users explore and become
  familiar with interactive system
• Experts walk through all steps in representative
  tasks, identifying trouble spots based on 4
  questions
• Will users be trying to produce whatever effect
  action has?
• Will users be able to notice that the correct
  action is available? (is it visible)
• Once found, will they know its the right one for
  desired effect? (is it correct)
• Will users understand feedback after action?

91
Advantages Disadvantages

• Fast and cheap
• Does not need working system
• Detailed, careful examination that can cover
  entire interface
• Problems are subjective are they really
  usability problems?
• Outcomes depend upon expertise and experience of
  the reviewers

92
For more info

• http//www.sis.uncc.edu/richter/classes/2006/6010
  /index.html
• or
• http//www.sis.uncc.edu/clatulip/ITIS6400/ITIS640
  0_Home.html
• Or take the course in the spring.

93
Ethics of working with people

• Usability testing can be arduous privacy is
  important
• Each person should know and understand what they
  are participating in
• what to expect, time commitments
• what the potential risks are
• how their information will be used
• Must be able to stop without danger or penalty
• All participants to be treated with respect

94
Attribution Theory

• Studies why people believe that they succeeded or
  failed--themselves or outside factors (gender,
  age differences)
• Make sure participants do not feel that they did
  something wrong, that the errors are their
  problem

95
Respecting your participants

• Be well prepared so participants time is not
  wasted
• Make sure they know you are testing software, not
  them
• Explain procedures without compromising results
• Make them aware they can quit anytime
• Make sure participant is comfortable
• Session should not be too long
• Maintain relaxed atmosphere
• Never indicate displeasure or anger
• State how session will help you improve system
  (debriefing)
• Dont compromise privacy (never identify people,
  only show videos with explicit permission)

96
IRB

• Institutional Review Board (IRB)
• Federal law governs procedures
• Reviews all research involving human (or animal)
  participants
• Safeguarding the participants, and thereby the
  researcher and university
• Not a science review (i.e., not to asess your
  research ideas) only safety ethics
• http//www.research.uncc.edu/Comp/human.cfm

97
Ethics Certification

• Ethics is not just common sense
• Training being standardized to ensure even and
  equal understanding of issues
• Go get your certification due Sept. 4!
• http//www.research.uncc.edu/tutorial/index3.cfm

98
IRB _at_ UNCC

• http//www.research.uncc.edu/comp/human.cfm
• On-line tutorial
• Guidelines
• Consent procedures and template forms
• Protocol application forms
• IRB Protocol 101 Training
• http//www.research.uncc.edu/comp/human_trng.cfm