Next Steps toward More Trustworthy Interfaces - PowerPoint PPT Presentation

Transcript and Presenter's Notes
1
Next Steps toward More Trustworthy Interfaces
  • Burt Kaliski, RSA Laboratories
  • 1st Workshop on Trustworthy Interfaces for
    Passwords and Personal Information
  • June 13, 2005

2
Market Problem
  • Users don't have a convenient way of gaining
    confidence that the applications they're
    interacting with are the correct ones
    • especially when entering passwords and personal
      information
  • The user interface is typically not trustworthy, so
    the user can't tell whether the application can be
    trusted
  • WYSINWYG: what you see isn't necessarily what
    you get
  • An important and relatively separable part of the
    broader trustworthy computing issue

3
Not Just Passwords
  • More trustworthy interfaces benefit other
    authentication types besides traditional
    passwords, e.g.:
    • PIN entry for smart cards and other security
      tokens
    • one-time passwords (challenge-response,
      event-sync, time-sync)
    • passwords to unlock software credentials
  • Trustworthy interfaces can be a platform for
    transitioning to stronger authentication,
    starting with passwords

4
Multiple Stakeholders
  • The market problem brings together multiple parties
    involved in the interfaces and supporting
    protocols:
    • Application developers
    • Browser, OS and desktop software vendors
    • Identity providers and certificate authorities
    • User experience designers
    • Research community
  • None can address the full problem alone;
    stakeholders must work together

5
Some Related Work
  • All of this workshop, of course
  • Kim Cameron's Laws of Identity, at the system
    level:
    1. User control and consent
    2. Minimal disclosure for a constrained use
    3. Justifiable parties
    4. Directed identity
    5. Pluralism of operators and technologies
    6. Human integration
    7. Consistent experience across contexts
  • Carl Ellison and Jesse Walker's Ceremonies:
    protocol interaction involving humans

6
Proposed Criteria for a Trustworthy Interface for
Passwords and Personal Information
  1. User can tell when interacting with an
     application through a trustworthy interface
     (e.g., via reserved screen real estate)
  2. Interface provides a trusted path for data
     entry, protecting against other software
  3. User can activate the interface, or it can be
     activated automatically
  4. User can verify the identity of the application
     through the interface
  5. Authentication is mutual: the application must also
     demonstrate knowledge of the password (or other
     authentication credential)
  6. Personal information is protected: the trusted
     interface won't provide it to an incorrect application
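Criteria 5 and 6 together say that the interface should demand proof from the application before it releases anything derived from the user's password. The following is an added illustration of that ordering, not code from the slides or from RSA: a trusted interface challenges the application first, checks a keyed proof, and only then produces the user-side proof; an impostor that never learned the password gets nothing. The salt, iteration count, labels, and the HMAC-based challenge-response design are assumptions made for this example; the slide does not specify a protocol.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed example values (assumptions, not from the slides):
# the salt and iteration count would come from enrollment.
SALT = b"example-salt-from-enrollment"
ITERATIONS = 100_000


def derive_key(password: str) -> bytes:
    """Password -> 32-byte key. Both the trusted interface and the
    legitimate application hold this derived value, never the raw password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)


def proof(key: bytes, label: bytes, nonce_ui: bytes, nonce_app: bytes) -> bytes:
    """Keyed proof bound to both nonces; the label separates the two directions
    so an application's proof cannot be replayed as the user's proof."""
    return hmac.new(key, label + nonce_ui + nonce_app, hashlib.sha256).digest()


@dataclass
class Application:
    name: str
    key: Optional[bytes]  # None models an impostor that never learned the password

    def respond(self, nonce_ui: bytes) -> Tuple[bytes, bytes]:
        """Answer the interface's challenge with (own nonce, app-proof)."""
        nonce_app = secrets.token_bytes(16)
        if self.key is None:
            # An impostor can only guess; here it sends random bytes.
            return nonce_app, secrets.token_bytes(32)
        return nonce_app, proof(self.key, b"app-proof", nonce_ui, nonce_app)

    def verify_user(self, nonce_ui: bytes, nonce_app: bytes, user_proof: bytes) -> bool:
        """Legitimate application checks the user's proof (criterion 5, other direction)."""
        if self.key is None:
            return False
        expected = proof(self.key, b"user-proof", nonce_ui, nonce_app)
        return hmac.compare_digest(user_proof, expected)


class TrustedInterface:
    """Holds the password-derived key on the user's behalf."""

    def __init__(self, password: str):
        self.key = derive_key(password)
        self.released_to = []  # audit of which applications received a user proof

    def authenticate(self, app: Application) -> Optional[Tuple[bytes, bytes, bytes]]:
        # Step 1: challenge the application first.
        nonce_ui = secrets.token_bytes(16)
        nonce_app, app_proof = app.respond(nonce_ui)
        expected = proof(self.key, b"app-proof", nonce_ui, nonce_app)
        if not hmac.compare_digest(app_proof, expected):
            # Criterion 6: the impostor gets nothing password-derived.
            return None
        # Step 2: only now demonstrate the user's knowledge to the application.
        self.released_to.append(app.name)
        return nonce_ui, nonce_app, proof(self.key, b"user-proof", nonce_ui, nonce_app)


def run_demo(password: str = "correct horse") -> dict:
    """Run the exchange against a legitimate application and an impostor."""
    ui = TrustedInterface(password)
    bank = Application("bank", derive_key(password))
    phish = Application("bank-lookalike", None)
    result = {}
    for app in (bank, phish):
        outcome = ui.authenticate(app)
        result[app.name] = outcome is not None and app.verify_user(*outcome)
    result["released_to"] = list(ui.released_to)
    return result


if __name__ == "__main__":
    print(run_demo())
```

The point is the order of the messages: the interface never emits a password-derived value until the application has proved it already knows the password, so a lookalike application learns nothing it can use. Note a limit of this simplified design: an eavesdropper who records a successful exchange can run an offline dictionary attack against the HMAC proofs, which is why deployed mutual authentication from a password normally uses a password-authenticated key exchange rather than a bare challenge-response; the slide leaves the protocol choice open.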

7
Presumptions
  • The market problem is important
  • Collaboration of multiple stakeholders is
    essential to solve it
  • Industry goal:
    • Provide trustworthy interfaces that give users
      confidence that their online interactions are
      with parties they trust, especially when entering
      passwords and personal information

8
Potential Collaborations: Putting TIPPI into
Practice
  • Publish workshop summaries and propose concepts
    in other forums
  • Prepare an open letter challenging the industry
    to improve interfaces
  • Promote industry standards efforts:
    • user interface criteria and specific user
      experience designs
    • supporting protocols and APIs
  • Provide reference implementations:
    • browser plug-ins, OS extensions
  • Plan on a 2nd TIPPI Workshop, June 2006!

9
For More Information
  • Burt Kaliski, Chief Scientist, RSA Laboratories;
    VP Research, RSA Security
    bkaliski_at_rsasecurity.com
  • Magnus Nyström, Technical Director, Office of the
    CTO, RSA Security (Stockholm Office)
    mnystrom_at_rsasecurity.com
  • www.rsasecurity.com
