Android Security Symposium 2015

The quest for usable security

About the speaker

N. Asokan

Aalto University and University of Helsinki, Helsinki, Finland
N. Asokan is a professor at Aalto University and the University of Helsinki. Prior to joining academia, he spent over 15 years at leading industrial research laboratories. His research interests center on understanding how to build systems that are simultaneously secure, easy to use and inexpensive to deploy.
More information on Asokan's work is available at his website asokan.org/asokan/.

Abstract

Over the last decade or so, the security research community has come to recognize the importance of simultaneously achieving usability and security goals when designing new protocols, applications, and systems for ordinary non-specialist users in the mass market. Often the primary motivation (from the perspective of designers) for usable security arises when lack thereof will lead to a definite cost. The source of such costs can be surprising.

I will use two example problem instances as case studies to discuss the challenges of designing usable and secure systems. The first is the case of secure device pairing, where the research and standardization communities attempted to design and deploy a suite of device pairing mechanisms that are both usable and secure. This effort resulted in the development of several novel key agreement protocols. The second is a recent attempt to design a zero-effort deauthentication scheme. I will then describe a number of current problems in mobile devices that need usable and secure solutions.

On the positive side, mobile devices offer opportunities for security researchers that traditional PCs do not. I will briefly outline some exploratory ideas that my colleagues and I have been investigating on this front.

Slides

Get the slides on Asokan's website. (Check out Asokan's recent talks on his website.)

Video