Friday, January 29, 2016

User Error Compromises Many Encrypted Communication Apps

Apps that aim to let you talk securely may be made less secure by users who screw up the authentication process.

According to the article "User Error Compromises Many Encrypted Communication Apps", apps often ask users to verify a checksum or short authentication string to make sure the information hasn't been breached by an intruder. However, researchers from the University of Alabama at Birmingham have shown this process to be insecure.

Researchers mimicked a cryptophone app and had 128 participants take the test. Participants listened to a random two- or four-word checksum and determined whether it matched the words the researchers gave. The researchers found that study participants frequently accepted calls even if they heard the wrong sequence of words, and often denied calls when the sequence was spoken correctly. Beyond that, the researchers say that using a four-word checksum instead of a two-word checksum seemed to decrease security, even though a longer checksum should increase security exponentially.
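To make the checksum idea concrete, here is an added example (not code from the article, the study, or any of the apps mentioned). It assumes a constructed 16-word list and SHA-256 as the mapping from a session secret to words, and shows both the exponential growth in possible checksums and the strict word-for-word comparison that the participants were standing in for.

```python
import hashlib

# Constructed 16-word list (4 bits per word), for illustration only.
WORDS = ["apple", "brick", "cloud", "delta", "eagle", "flame", "grape", "house",
         "igloo", "joker", "koala", "lemon", "mango", "night", "ocean", "piano"]
BITS_PER_WORD = 4  # log2(len(WORDS))


def checksum_words(session_secret: bytes, n_words: int) -> list[str]:
    """Map the leading bits of SHA-256(secret) to n_words list entries."""
    digest = int.from_bytes(hashlib.sha256(session_secret).digest(), "big")
    words = []
    for i in range(n_words):
        shift = 256 - BITS_PER_WORD * (i + 1)
        words.append(WORDS[(digest >> shift) & (len(WORDS) - 1)])
    return words


def possible_checksums(n_words: int) -> int:
    """Number of distinct checksums; grows exponentially with length."""
    return len(WORDS) ** n_words


def chance_of_blind_match(n_words: int) -> float:
    """Probability that an unrelated secret yields the same words."""
    return 1 / possible_checksums(n_words)


def accept_call(displayed: list[str], heard: list[str]) -> bool:
    """Strict check: every word must match, in order. The study found
    people often accept mismatches, which discards this guarantee."""
    return len(displayed) == len(heard) and all(
        d == h.strip().lower() for d, h in zip(displayed, heard))


if __name__ == "__main__":
    secret = b"constructed-session-secret"  # sample value, not a real key
    for n in (2, 4):
        shown = checksum_words(secret, n)
        # Change only the last word to simulate a near-miss checksum.
        wrong = shown[:-1] + [WORDS[(WORDS.index(shown[-1]) + 1) % 16]]
        print(n, shown, possible_checksums(n),
              accept_call(shown, shown), accept_call(shown, wrong))
```

With this toy list, two words give 256 possible checksums and four words give 65,536; real word lists are far larger, but the benefit only holds if a single wrong word causes the call to be rejected.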

In the lecture, we learned reasons that may cause project failure: poor IT management and poor IT procedures, inadequate executive support for projects, and inadequate user involvement. The apps, which include RedPhone and Signal, have this authentication problem. These apps' authentication process confuses users and reduces their interest. For these reasons, the failure of authentication may cause the failure of the project.

According to this article, authentication performed by people is insecure and may be affected by subjective thought. When managing a system, authentication and passwords need to be set. Obviously, the authentication process should be totally controlled by the computer and the system; users and system administrators should not be involved in it. System management should also have a standard procedure. If an administrator needs to change the authentication, he should follow the procedure. Only in this way can the authentication of the system work, because computers make no mistakes.

Citation:
http://www.technologyreview.com/news/544516/user-error-compromises-many-encrypted-communication-apps/

1 comment:

  1. Fascinating article. Why am I not surprised? I hope that after these studies they will design a system that will make it easier for people to know when the process is faulty. Or something.
