5-899 / 17-500 Usable Privacy and Security

Spring 2006: Wean Hall 5409, Tuesdays and Thursdays 9-10:20 am
Class web site: http://cups.cs.cmu.edu/courses/ups-sp06/
Class mailing list: http://cups.cs.cmu.edu/mailman/listinfo/ups

Professor: Lorrie Cranor

• Email: lorrie AT cs DOT cmu DOT edu
• Web: http://lorrie.cranor.org/
• Phone: 412-268-7534
• Office: CIC 2207
• Office hours: Mondays 1:30-2:30 pm (through March 20 only) or by appointment

Professor: Michael Reiter

• Email: reiter AT cmu DOT edu
• Web: http://www.ece.cmu.edu/~reiter/
• Phone: 412-268-1318
• Office: CIC 2123
• Office hours: TBA or by appointment

Professor: Jason Hong

• Email: jason AT cs DOT cmu DOT edu
• Web: http://www.cs.cmu.edu/~jasonh/
• Phone: 412-268-1251
• Office: NSH 2504D
• Office hours: Mondays and Thursdays 4-5 pm or by appointment

There is growing recognition that technology alone will not provide all of the solutions to security and privacy problems. Human factors play an important role in these areas, and it is important for security and privacy experts to have an understanding of how people will interact with the systems they develop. This course is designed to introduce students to a variety of usability and user interface problems related to privacy and security and to give them experience in designing studies aimed at helping to evaluate usability issues in security and privacy systems. The course is suitable both for students interested in privacy and security who would like to learn more about usability, as well as for students interested in usability who would like to learn more about security and privacy. Much of the course will be taught in a graduate seminar style in which all students will be expected to do a weekly reading assignment and each week different students will prepare a presentation for the class. Students will also work on a group project throughout the semester. The course is open to all graduate students who have technical backgrounds. Juniors and seniors may enroll with permission of one of the instructors.

Readings will be assigned from the following text (available in the CMU bookstore and from all the usual online stores). Additional readings will be assigned from papers available online or handed out in class.

• Security and Usability: Designing Secure Systems that People Can Use, edited by Lorrie Cranor and Simson Garfinkel

Note, this is subject to change. The class web site will have the most up-to-date version of this calendar.

Week 1 (January 17, 19): Course overview and introduction to HCI methods

• January 17: Introductions, review syllabus and course policies, course overview, introduce project [Cranor/Reiter/Hong] [slides]
• January 19: Introduction to HCI Methods [Hong] [slides][scribe notes]

Week 2 (January 24, 26): Introduction to privacy and security

• January 24: Introduction to Privacy [Cranor] [slides][scribe notes]
• January 26: Introduction to Security [Reiter] [slides][scribe notes]
• Reading assignment:
  • Chapter 4 Usability Design and Evaluation for Privacy and Security Solutions
  • 'I Didn't Buy it for Myself'
• All students who have not completed human subjects training should do so this week.

Week 3 (January 31, February 2): User studies

• January 31: User studies I [Hong] [slides][scribe notes]
• February 2: User studies II [Jeremy Hyland] [slides][lecture notes][discussion questions][scribe notes]
• Reading assignment:
• Chapter 17 Simple Desktop Security with Chameleon
• Chapter 33 Usability and Privacy: A Study of Kazaa P3P File Sharing
• Chapter 34 Why Johnny Can't Encrypt
• Optional: Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express

Week 4 (February 7, 9): Introduction to usable privacy and security

• February 7: Usable privacy and security [Colleen Koranda] [slides][handouts][scribe notes]
• February 9: Project group formation
• Reading assignment:
• Chapter 1 Psychological Acceptability Revisited
• Chapter 2 The Case for Usable Security
• Chapter 3 Design for Usability
• Chapter 32 Users are not the Enemy
• Project groups will be formed in class on February 9. If you have an idea for a project, come to class prepared to pitch it to your classmates.

Week 5 (February 14, 16): Secure interaction design

• February 14: Secure interaction design [Kami Vaniea] [slides][discussion questions][scribe notes]
• February 16: Guest lecture - Rob Reeder [slides][scribe notes]
• Reading assignment:
• Chapter 13 Goals and Strategies for Secure Interaction Design
• Chapter 15 Sanitization and Usability
• Chapter 27 Creating Usable Security Products for Consumers
• Optional: Improving user-interface dependability through mitigation of human error
• Optional: Empowering Ordinary Consumers to Securely Configure Their Mobile Devices and Wireless Networks

Week 6 (February 21, 23): Trust and semantic attacks

• February 21: Trust and semantic attacks I [Jason Chalecki] [slides][discussion questions][activity]
• February 23: Trust and semantic attacks II [Ponnurangam Kumaraguru] [slides][discussion questions][scribe notes]
• Reading assignment:
• Chapter 5 Designing Secure Systems that People will Trust
• Chapter 14 Fighting Phishing at the User Interface
• Chapter 29 Usability and Security at Microsoft
• Optional: The Battle Against Phishing: Dynamic Security Skins
• Optional: Do Security Toolbars Actually Prevent Phishing Attacks?
• Optional: Why Phishing Works

Week 7 (February 28, March 2): Design for privacy

• February 28: Design for Privacy I [Cranor] [slides]
• March 2: Design for Privacy II [Rachel Shipman] [slides][discussion questions][scribe notes]
• Reading assignment:
• Chapter 19 Privacy Issues and Human-Computer Interaction
• Chapter 20 A User-Centric Privacy Space Framework
• Chapter 21 Five Pitfalls in the Design for Privacy
• Optional: Developing Privacy Guidelines for Social Location Disclosure Applications and Services
• Optional: Tor GUI design competition overview, entries, and judges' comments
• Optional: Privacy practices of Internet users: Self-reports versus observed behavior
• Project groups should submit one-page description of proposed project by March 2

Week 8 (March 7, 9): Visualizing privacy

• March 7: Visualizing privacy I [Steve Sheng] [slides]
• March 9: Visualizing privacy II [Janice Tsai] [slides][scribe notes]
• Reading assignment:
• Chapter 22 Privacy Policies and Privacy Preferences
• Chapter 23 Privacy Analysis for the Casual User Through Bugnosis
• Chapter 26 Anonymity Loves Company: Usability and the Network Effect
• Optional: Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware
• Optional: Peripheral Privacy Notifications for Wireless Networks

Spring Break

Week 9 (March 21, 23): Web browser privacy and security

• March 21: Web browser privacy and security I [Ricardo Villamarin] [slides][scribe notes]
• March 23: Web browser privacy and security II [Serge Egelman] [slides][scribe notes]
• Reading assignment:
• Chapter 24 Informed Consent by Design
• Chapter 25 Social Approaches to End-User Security and Privacy Management
• Chapter 28 Firefox and the Worry-free Web
• Optional: Hardening Web browsers against man-in-the-middle and eavesdropping attacks

Week 10 (March 28, 30): Authentication overview and text passwords

• March 28: Authentication overview [Reiter] [slides] [scribe notes]
• March 30: Text passwords [Sasha Romanosky] [slides] [scribe notes]
• Reading assignment:
• Chapter 6 Evaluating Authentication Mechanisms
• Chapter 7 The Memorability and Security of Passwords
• Chapter 8 Designing Authentication Systems with Challenge Questions
• Chapter 12 The Usability of Security Devices

Week 11 (April 4, 6): Project progress report presentations

• April 4: Project progress report presentations [groups TBA]
• April 6: Project progress report presentations [groups TBA]
• Written project progress reports due April 4

Week 12 (April 11, 13): Biometrics and graphical passwords

• April 11: Biometrics [Ashley Brooks] [slides] [scribe notes]
• April 13: Graphical passwords [Kok-Chie Pu] [slides][scribe notes]
• Reading assignment:
• Chapter 9 Graphical Password Schemes
• Chapter 10 Biometric Authentication
• Chapter 11 Identifying Users from Their Typing Patterns
• Optional: Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice
• Optional: Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems
• Optional: Graphical Passwords: A Survey

Week 13 (April 18): PKIs and secure communications

• April 18: PKIs and secure communications [Levi Broderick] [slides]
• April 20: Spring Carnival, no class
• Reading assignment:
• Chapter 16 Making the Impossible Easy: Usable PKI
• Chapter 30 Embedding Security in Collaborative Applications: A Lotus/Domino Perspective
• Chapter 31 Achieving Usable Security in Groove Virtual Office

Week 14 (April 25, 27): CHI 2006

• April 25: CHI2006 - no class
• April 27: CHI2006 - no class

Week 15 (May 2, 4): Tools for security administration and Final project presentations

• May 2:Tools for security administration [Matthew Desantis] [slides]
• May 4: no class - meet with your project groups
• Reading assignment:
• Chapter 18 Security Administration Tools and Practices
• Attacking Information Visualization System Usability Overloading and Deceiving the Human
• [Note: CFP2006 is this week]

This class will have no final exam, however, the final exam period on May 9 at 9 am will be used for final project presentations. Final project papers will be due May 12 at 4pm.

Cheating and plagiarism will not be tolerated. Students caught cheating or plagiarizing will receive no credit for the assignment on which the cheating occurred. Additional actions -- including assigning the student a failing grade in the class or referring the case for disciplinary action -- may be taken at the discretion of the instructors.

Your final grade in this course will be based on:

• 25% Homework
• 25% Lecture
• 50% Project

Homework

Homework assignments for this class will include reading summaries and lecture notes. Your two lowest homework grades will be dropped from your homework average.

Students are expected to do reading assignments prior to class so that they can participate fully in class discussions. Students must submit a short summary (3-8 sentences) and a "highlight" for each chapter or article in the reading assignment. The highlight may be something you found particularly interesting or noteworthy, a question you would like to discuss in class, a point you disagree with, etc. Summaries and highlights are due in class at 9:15 am each Tuesday. Summaries and highlights will not be accepted late. If you do not attend class, you will not be permitted to submit your summaries and highlights.

Students will be assigned to take notes during one or more of the class lectures. Each set of notes will count as an additional homework assignment. Notes should be emailed to the instructors as text, HTML, or PDF (with accompanying Word or Latex) within 48 hours of the lecture for which they were taken. These notes will be posted on the class web site. In addition, the instructors may include all or part of your notes in an instructor's guide they are writing for future usable privacy and security courses.

Lecture

Each student will be assigned a class lecture to prepare and present. The lecture should be based on the topics covered in that week's reading assignment, but it should go beyond the materials in the reading. For example, you might read and present some of the related work mentioned in the reading or that you find on your own (the HCISec Bibliography is a good starting point for finding relevant papers), you might present some of the optional reading materials, you might demonstrate software mentioned in the reading, you might critique a design discussed in the reading, or you might design a class exercise for your classmates. As part of your lecture you should prepare several discussion questions and lead a class discussion. You should also introduce your fellow students to terminology and concepts they might not be familiar with that are necessary to understand the material you are presenting. You should email to the instructors a set of PowerPoint slides including lecture notes and discussion questions. These slides will be posted on the class web site. In addition, the instructors may include all or part of your presentation slides and notes in an instructor's guide they are writing for future usable privacy and security courses.

Project

Students will work on semester projects in small groups that include students with a variety of areas of expertise. Each project group will propose a project. It is expected that most projects will involve the design of a user study to evaluate the design of an existing or proposed privacy- or security-related system or gain insight into users' attitudes or mental models related to some aspect of security or privacy. Groups with ideas for other types of projects should discuss them with the professors before submitting their project proposals. As part of the project students will:

• Submit a one-page project proposal by March 2.
• Complete an IRB application with all necessary attachments.
• Design all questionnaires, scripts, scenarios, interview protocols, etc. necessary to carry out the user study.
• Develop any prototypes necessary to carry out the user study.
• Test the user study protocol on at least two members of the class and refine it based on these tests.
• Give a 10-minute progress report presentation on April 4 or April 6.
• Submit a written progress report by April 4.
• Conduct a pilot study using the revised protocol with at least three members of the class or other people you know as subjects.
• Give a 15-minute final project presentation on May 2, May 4, or final exam period.
• Write a paper giving an overview of the proposed study, what you hope to learn from it, what you learned from the pilot study, etc. and submit it by May 12 at 4pm. Your IRB forms, survey forms, etc. should be included as appendices.