The Psychology of Security Unusability

Presented at DEF CON 17 (2009), Aug. 2, 2009, 4 p.m. (50 minutes).

Most humans have a great deal of difficulty dealing with security issues. This problem is well known, and the standard response is to blame the user, but the real problem is that millennia of evolutionary conditioning have caused humans to act, and react, in predictable ways to certain stimuli and situations, to the extent that in some cases no (normal) human would respond to a security system in the way its designers intended. This talk looks at what the field of cognitive psychology can tell us about the (often surprising) ways in which the human mind deals with computer security issues, providing insight both for defenders who need to design systems for the way real people think rather than for an abstract ideal, and for attackers who want to exploit the weaknesses of security interfaces at the human level.


Presenters:

  • Peter Gutmann - University of Auckland, New Zealand
    Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland, working on the design and analysis of cryptographic security architectures. He helped write the popular PGP encryption package, has authored a number of papers and RFCs on security and encryption, and is the author of the open source cryptlib security toolkit. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about the lack of consideration of human factors in the design of security systems.
