Presentation on theme: "It’s the Anthropology, Stupid! Ross Anderson and Frank Stajano."— Presentation transcript:
It’s the Anthropology, Stupid! Ross Anderson and Frank Stajano
The Virtual Nirvana Imagine in 2025 – –Virtualised app and storage servers –Virtual clients in your laptop (or VR headset) –Bob.work, Bob.play, Bob.bank, Bob.gov… –Could be quite complex: Bob.work on laptop talks to several clients, each with several service providers How will it all hang together?
What goes wrong To a first approximation all attacks are by insiders To a first approximation they all start as errors Military mechanisms (e.g. MLS) can stop well- trained people from entering High data into Low by accident Butt commercial systems are error-prone! Are there other ways of reducing the error rate? It’s largely about context and cues after all…
A modest proposal Protocols often fail because the authentication is one-way instead of two- way (or just the wrong way) So: it’s not enough for the laptop to just display “you are now talking to AlicesPC.work ” It needs something more…
A modest proposal (2) The laptop needs to know whether it’s talking to –Alice.work –Alice.play –Alice.bank –Alice.gov –… Not which VM in the cloud – but which VM in the user’s brain!
To Whom am I Speaking? If attackers are insiders, we need to know which insider For example, people in an unemotional state consistently underestimate their likely reactions when aroused – the “hot-cold empathy gap” We all have strategies to cope with this but … Joe and Sören – Facebook users more open to scams because of noisy distracting environment with continuous partial arousal So what if Alice.play talks to machine.bank?!?
Meatspace solutions Nonverbal channels we use for empathic synchronisation Expression, gesture, tone of voice Much older than speech Interactive too! Human cultures overlay them with ritual, manners, jargons, chants, dress codes …
Reclaiming the Interaction Matt Blaze: real-world protocols (such as ordering wine) Carl Ellison: human–computer interactions as ceremonies Ross: “I am buying 2000 BT shares from you at 131p” Frank Stajano: what hat are you wearing? This would work best if you actually wear it!
Keeping the Channel Open There will be a temptation to just do it all in software – an icon on the screen Our point is that we want to keep the behavioural channel open E.g. you might wear your access badge Maybe better: an active audio feedback channel Not system engineering: applied psychology and anthropology!
Orienting the User It’s not just knowing the user’s mood (as with Peter’s systems for recognising emotions) It’s about putting her in the right mood – and ensuring she doesn’t get out of it without the machine noticing Like singing the national anthem, or reciting a prayer, a critical authentication should not just require solemnity but induce it The password she enters everywhere won’t do
Conclusions Engineers see security as authentication protocols But often they’re part in the brain, part in software Mutual authentication means more than just usability testing – surely we need interaction too Is it feasible to automate an emotional interaction? How do systems get embedded in culture? How do we rediscover ritual – or at least give people the tools to invent it? How else can we replace the vanishing context?