Measurement

Research is most impactful when it is predicated on a deep and thorough understanding of the problem space. This understanding has both technical and sociotechnical aspects.

On the technical side, it is important to understand the methods adversaries use, how well those methods work, and how broadly they are deployed. Similarly, it is critical to understand how effective defenses are, both in stopping attacks and in how easily developers and security operators can deploy them. It is also necessary to measure the security delta (i.e., improvement) achieved when potential mitigations are deployed. In this vein of research, we use methods from the security and Internet measurement communities—for example, threat modeling, security proofs, and Internet scans.

On the sociotechnical side, it is necessary to understand user perceptions of problems. Without this knowledge, it is far too easy to design systems that, while technically interesting, will not be adopted by users because they do not solve the problems that are most important to users, or solve problems in a way that is incompatible with user workflows. Similarly, it is important to understand how well users understand given technical concepts to ensure that system interfaces are adapted to user mental models, increasing the probability of correct usage. For sociotechnical understanding, we use methods from the human-computer interaction (HCI) community—for example, usability studies, interviews, and grounded theory data analysis.


Publications

Journals and Magazines

Abstract: TLS inspection—inline decryption, inspection, and re-encryption of TLS traffic—is a controversial practice used for both benevolent and malicious purposes. This article describes measurements of how often TLS inspection occurs and reports on a survey of the general public regarding the practice of TLS inspection. This helps inform security researchers and policymakers regarding current practices and user preferences.

Conferences

Abstract: Understanding how people behave when faced with complex security situations is essential to designing usable security tools. To better understand users' perceptions of their digital lives and how they managed their online security posture, we conducted a series of 23 semi-structured interviews with mostly middle-aged parents from suburban Washington state. Using a grounded theory methodology, we analyzed the interview data and found that participants chose their security posture based on the immense value the Internet provides and their belief that no combination of technology could make them perfectly safe. Within this context, users have a four-stage process for determining which security measures to adopt: learning, evaluation of risks, estimation of impact, and weighing trade-offs to various coping strategies. Our results also revealed that a majority of participants understand the basic principles of symmetric encryption. We found that participants' misconceptions related to browser-based TLS indicators lead to insecure behavior, and it is the permanence of encrypted email that causes participants to doubt that it is secure. We conclude with a discussion of possible responses to this research and avenues for future research.

Abstract: We measure the prevalence and uses of TLS proxies using a Flash tool deployed with a Google AdWords campaign. We generate 2.9 million certificate tests and find that 1 in 250 TLS connections are TLS-proxied. The majority of these proxies appear to be benevolent, however we identify over 1,000 cases where three malware products are using this technology nefariously. We also find numerous instances of negligent, duplicitous, and suspicious behavior, some of which degrade security for users without their knowledge. Distinguishing these types of practices is challenging in practice, indicating a need for transparency and user awareness.

Abstract: This paper reports the results of a survey of 1,976 individuals regarding their opinions on TLS inspection, a controversial technique that can be used for both benevolent and malicious purposes. Responses indicate that participants hold nuanced opinions on security and privacy trade-offs, with most recognizing legitimate uses for the practice, but also concerned about threats from hackers or government surveillance. There is strong support for notification and consent when a system is intercepting their encrypted traffic, although this support varies depending on the situation. A significant concern about malicious uses of TLS inspection is identity theft, and many would react negatively and some would change their behavior if they discovered inspection occurring without their knowledge. We also find that a small but significant number of participants are jaded by the current state of affairs and have lost any expectation of privacy.