GR2-Designs

Scenario

Stephen is the campaign manager for Governor Morris, currently on the road in a heated presidential election campaign and carrying a slight lead against rival Senator Pullman. They are in Ohio a few days before the pivotal primary, and each campaign must make careful decisions about how to prepare themselves for an upcoming debate. Team Morris and Team Pullman are both very dedicated to their campaigns and will stop at nothing to ensure that their candidates win the nomination.

Everyone on Team Morris was provided mobile phones that they use as their primary method to stay in touch with each other. Stephen must be in frequent contact with his teammates to ensure that everyone is on the same page concerning the day's activities, and that any urgent news that could potentially change the team's strategy can be quickly disseminated to the entire group. At the same time, the team has to be keenly aware of security in the way they communicate. If anyone not involved with the campaign learned of their activities or strategies, such as the media or a rival, it could severely hurt the campaign.

Stephen has sent team members out for the day to accomplish various tasks. One is visiting a local church where Senator Pullman is giving a speech, to see if they can glean any information about how the opposition will position themselves for the upcoming debate. He is responsible for updating Stephen and and rest of Team Morris on any findings. Several new volunteers are added to the campaign to help place signs and knock on doors in key parts of the city to get the word out about Governor Morris. Stephen has to add these new teammates to his list of secure contacts to ensure they can communicate with one another in a secure manner.

At noon today, Stephen receives a news from Pullman speech that current polls suggest the primary race is now dead even. Of particular note is the realization that key voters in rural Ohio that traditionally backed Morris were beginning to waver. Stephen felt that those voters were paramount and was counting on their support until now, but has dedicated most of his staff to campaigning in the city. Upon receiving this news, Stephen must securely send a message to the team with new orders, and the team members need to be sure that the message is from Stephen and not a diversion. The message must go out without tipping off Team Pullman of the revised strategy.

Later that day, Stephen receives a message from someone claiming to be on Team Pullman. He asks to establish a secure messaging connection with Stephen, which Stephen agrees to. The other person turns out to be Tom Duffy, campaign manager of Team Pullman, and he suspiciously suggests that Stephen ought to consider working for Team Pullman instead of Team Morris. Stephen does not like where the conversation is heading, and decides to end the conversation. He also erases any record of the conversation occurring and removes Tom as a contact, to ensure that no trace of the conversation can be found.

Design 1

First, in order to establish a secure connection, Stephan meets with Team Morris and shares his identity. He does this by going to his Contacts panel and clicking share.

Learnability: The "share" action is somewhat ambiguous and may confuse new users (the user may wonder what they are sharing). The use of the standard contacts list should help learnability.

Efficiency: Adding and sharing contact information from the same panel groups temporally related operations and helps make them more efficient.

Safety: The are no unsafe actions available from this screen.

This brings up a Stephan's QR code along with his key. Users can manually enter the key or take a picture of the QR code. In this scenario, Stephan prints out the ID page and passes it around to the other members of Team Morris (the lock button is provided in case the user wants to pass around his or her phone).

Learnability: Most potential users will be familiar with QR codes so this screen shouldn't pose a learnability problem. As the key looks like a serial number under a bar code, the user should pick this out as a numerical representation of the QR code.

Efficiency: QR codes are extremely efficient as the user only needs to take a picture of it.

Safety: If an attacker takes a picture of this QR code or writes down the key, it could allow them to attempt a fishing attack (as seen in this scenario).

Each member of team morris goes to his or her contacts panel and clicks Add. When they do so, they are shown the following, click By QR Codem and are taken to a standard QR code reader. The contact is then added.

Learnability: Again, most users are familiar with QR codes so adding by QR code should be easy. Sadly, many users are also familiar with entering software activation keys and shouldn't have a problem entering the key manually if they need to.

Efficiency: QR Codes are efficient.

Safety: There are two potential safety problems: the user could be tricked into adding the wrong contact or fail to enter they key correctly. Dealing with the former is beyond the scope of this application and the latter can be dealt with by including error detection in the key.

To share

Design 2

Task #1

Storyboard	Learnability	Efficiency	Safety
Key Management Stephen must add the new teammates to his list of secure contacts. The SecureConnect application allows him to log onto the Key Server set up by the campaign to manage public keys. He finds that two of the new volunteers had public keys created for them when issued their mobile phones, so he adds them to his personal contact list, which include their mobile phone number and public key. One user was not yet present in the key server, so Stephen had to help generate a new key for them. This design is meant to mimic a standard phone text messaging layout which the user is likely familiar with, then overlaying the metaphor of user keys necessary to facilitate encrypted messaging.	Pros: The look and feel mimics the standard text messaging application on a typical smartphone. Concepts of contacts carry over, with additional public key data added as an additional facet of contact data. Cons:	Pros: Key Server enables contacts to be added without manual text entry on the phone. Cons: User is required to obtain public key before secure communication is possible.	Pros: Multiple graphical cues suggest that a contact cannot be securely communicated with until a public key is stored for that user. Adding via the Key Server automatically grabs public key data. Cons: User must be continuously reminded of the unsecure nature of their conversations until they successfully add a key. Contacts may still be added even without a key, leaving open the possibility of communicating without encryption.
Contact Management Once the new contacts were added from the Key Server, Stephen is able to view them the contacts tab of the app. Each newly added secure contact with a stored public key is displayed with a key icon next to their name at all times. Contacts without a stored key are also present, and can have a public key entered on the contact editor in order to make them a secure contact. Public keys can be entered manually via the keyboard, pasted from the phone's clipboard (the contact could have sent their key via email or unsecure text, or could have been located via web browser).	Pros: Look and Feel is similar to contact manager on most smartphones. Key metaphor is carried throughout to suggest a secure contact vs an unsecure one. Cons: Users must learn how to enter/obtain the public key for a user that was not obtain from the key server.	Pros: Contacts auto populated from key server Cons: Manual entry of Public key can be tedious. Perhaps alternate automated entry methods are possible here.	Pros: Few safety issues here, as contact data is always updatable. Cons: Removing a contact implies removing all trace of communication with them, which the user must confirm before allowing this action.

Task #2

Storyboard	Learnability	Efficiency	Safety
Secure Chat Window Description of Storyboard	Pros: Cons:	Pros: Cons:	Pros: Cons:
Unsecure Chat Window\|confluence/download/attachments/82324422/photo3.jpg?version=1&modificationDate=1331520439531\|\|\|\|\|\|\|\ Description of Storyboard	Pros: Cons:	Pros: Cons:	Pros: Cons:

Task #3

Storyboard	Learnability	Efficiency	Safety
SB#1 Description of Storyboard	Pros: Cons:	Pros: Cons:	Pros: Cons:
SB#2 Description of Storyboard	Pros: Cons:	Pros: Cons:	Pros: Cons:
SB#3 Description of Storyboard	Pros: Cons:	Pros: Cons:	Pros: Cons:

Design 3