Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-Entropy Secrets

Interdisciplinary Research Group in Socio-technical Cybersecurity
Itzel Vazquez Sandoval, Arash Atashpendar, Gabriele Lenzini
Abstract: We revisit the problem of entity authentication in decentralized end-to-end encrypted email and secure messaging to propose a practical and self-sustaining cryptographic solution based on password-authenticated key exchange (PAKE). This not …

Transparency by Design in Data-Informed Research: a Collection of Information Design Patterns

Rossi Arianna, Lenzini Gabriele
Abstract: Oftentimes information disclosures describing personal data-gathering research activities are so poorly designed that participants fail to be informed and blindly agree to the terms, without grasping the rights they can exercise and the risks derived from …

Evaluating ambiguity of privacy indicators in a secure email app

Stojkovski Borce, Lenzini Gabriele
Abstract: Informing laymen of security situations is a notoriously hard problem. Users are usually not cognoscenti of all the various secure and insecure situations that may arise, and this can be further worsened by certain visual indicators that instead …

Making the Case for Evidence-based Standardization of Data Privacy and Data Protection Visual Indicators

Rossi Arianna, Lenzini Gabriele
Abstract: Lately, icons have witnessed a growing wave of interest in the view of enhancing transparency and clarity of data processing practices in mandated disclosures. Although benefits in terms of comprehensibility, noticeability, navigability of the …

Systematization of threats and requirements for private messaging with untrusted servers. The case of E-mailing and instant

Symeonidis Iraklis, Lenzini Gabriele
Abstract: Modern email and instant messaging applications often offer private communications. In doing so, they share common concerns about how security and privacy can be compromised, how they should face similar threats, …

Security Analysis of Key Acquiring Strategies Used by Cryptographic Ransomware

Genç Ziya Alper, Lenzini Gabriele, Ryan Peter
Abstract: To achieve its goals, ransomware needs to employ strong encryption, which in turn requires access to high-grade encryption keys. Over the evolution of ransomware, various techniques have been observed to accomplish the latter. Understanding …

No Random, No Ransom: A Key to Stop Cryptographic Ransomware

Ziya Alper Genç, Gabriele Lenzini, Peter Y. A. Ryan
Abstract: To be effective, ransomware has to implement strong encryption, and strong encryption in turn requires a good source of random numbers. Without access to true randomness, ransomware relies on the pseudo random number …

Next Generation Cryptographic Ransomware

Ziya Alper Genç, Gabriele Lenzini, Peter Y. A. Ryan
Abstract: We are assisting at an evolution in the ecosystem of cryptoware - the malware that encrypts files and makes them unavailable unless the victim pays up. New variants are taking the place once dominated by older versions; incident reports …

Cholesteric Liquid Crystal Shells as Enabling Material for Information-Rich Design and Architecture

Mathew Schwartz, Gabriele Lenzini, Yong Geng, Peter B. Rønne, Peter Y. A. Ryan, Jan P. F. Lagerwall
Abstract: The responsive and dynamic character of liquid crystals (LCs), arising from their ability to self‐organize into long‐range ordered structures while maintaining fluidity, has …

An Interdisciplinary Methodology to Validate Formal Representations of Legal Text Applied to the GDPR

Cesare Bartolini, Gabriele Lenzini, Cristiana Santos
Abstract: The modelling of a legal text into a machine-processable form, such as a list of logic formulæ, enables a semi-automatic reasoning about legal compliance but might entail some anticipation of legal interpretation …