“I personally relate it to the traffic light”: a user study on security & privacy indicators in a secure email system committed to privacy by default

Interdisciplinary Research Group in Socio-technical Cybersecurity
Stojkovski Borce, Lenzini Gabriele, Koenig Vincent
Abstract: Improving the usability and adoption of secure (i.e. end-to-end encrypted) email systems has been a notorious challenge for over two …

I am Definitely Manipulated, Even When I am Aware of it. It's Ridiculous! — Dark Patterns from the End-User Perspective

Kerstin Bongard-Blanchy, Arianna Rossi, Salvador Rivas, Sophie Doublet, Vincent Koenig, Gabriele Lenzini
Abstract: Online services pervasively employ manipulative designs (i.e., dark patterns) to influence users to purchase goods and subscriptions, spend more …

The Framework of Security-Enhancing Friction: How UX Can Help Users Behave More Securely

Verena Distler, Gabriele Lenzini, Carine Lallemand, and Vincent Koenig
Abstract: A growing body of research in the usable privacy and security community addresses the question of how to best influence user behavior to reduce risk-taking. We propose to address this …

Dual-Use Research In Ransomware Attacks: A Discussion on Ransomware Defence Intelligence

Ziya Alper Genç, Gabriele Lenzini
Abstract: Previous research has shown that developers rely on public platforms and repositories to produce functional but insecure code. We looked into the matter for ransomware, enquiring whether also ransomware engineers re-use the work of others and …

Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-Entropy Secrets

Itzel Vazquez Sandoval, Arash Atashpendar, Gabriele Lenzini
Abstract: We revisit the problem of entity authentication in decentralized end-to-end encrypted email and secure messaging to propose a practical and self-sustaining cryptographic solution based on password-authenticated key exchange (PAKE). This not …

Transparency by Design in Data-Informed Research: a Collection of Information Design Patterns

Rossi Arianna, Lenzini Gabriele
Abstract: Oftentimes information disclosures describing personal data-gathering research activities are so poorly designed that participants fail to be informed and blindly agree to the terms, without grasping the rights they can exercise and the risks derived from …

Evaluating ambiguity of privacy indicators in a secure email app

Stojkovski Borce, Lenzini Gabriele
Abstract: Informing laymen of security situations is a notoriously hard problem. Users are usually not cognoscenti of all the various secure and insecure situations that may arise, and this can be further worsened by certain visual indicators that instead …

Making the Case for Evidence-based Standardization of Data Privacy and Data Protection Visual Indicators

Rossi Arianna, Lenzini Gabriele
Abstract: Lately, icons have witnessed a growing wave of interest in the view of enhancing transparency and clarity of data processing practices in mandated disclosures. Although benefits in terms of comprehensibility, noticeability, navigability of the …

Systematization of threats and requirements for private messaging with untrusted servers. The case of E-mailing and instant

Symeonidis Iraklis, Lenzini Gabriele
Abstract: Modern email and instant messaging applications often offer private communications. In doing so, they share common concerns about how security and privacy can be compromised, how they should face similar threats, …

Security Analysis of Key Acquiring Strategies Used by Cryptographic Ransomware

Genç Ziya Alper, Lenzini Gabriele, Ryan Peter
Abstract: To achieve its goals, ransomware needs to employ strong encryption, which in turn requires access to high-grade encryption keys. Over the evolution of ransomware, various techniques have been observed to accomplish the latter. Understanding …