Interdisciplinary Research Group in Socio-technical CybersecurityA Conceptual Framework to Study Socio-Technical SecurityAna Ferreira, Jean-Louis Huynen, Vincent Koenig, Gabriele LenziniAbstract:We propose an operational framework for a social, technical and contextual analysis of security. The framework provides guidelines about how to model a system as a layered set of interacting elements, and proposes two methodologies to analyse … Continued

Interdisciplinary Research Group in Socio-technical CybersecuritySocio-technical Security Analysis of Wireless HotspotsAna Ferreira, Jean-Louis Huynen, Vincent Koenig, Gabriele LenziniAbstract:We present a socio-technical analysis of security of Hotspot and Hotspot 2.0. The analysis focuses is user-centric, and aim at understanding which user action can compromise security in presence of a attacker. We identify research questions about possible … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityEnvisioning secure and usable access control for patientsAna Ferreira, Gabriele Lenzini, Catia Santos-Pereira, Alexandre B. Augusto, Manuel E. CorreiaAbstract:Several pilot tests show that patients who are able to access their Electronic Health Records (EHR), become more responsible and involved in the maintenance of their health. However, despite technologically feasible and … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityRemark!: A Secure Protocol for Remote ExamsRosario Giustolisi, Gabriele Lenzini, Peter Y. A. RyanAbstract:This manuscript presents Remark!, an electronic exam protocol which achieves several authentication, (conditional) anonymity, privacy, and verifiability properties without trusted third parties. Remark! is primarily designed for invigilated Internet-based exams but it also fits computer-based exams with … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityA Socio-technical Understanding of TLS Certificate ValidationGiampaolo Bella, Rosario Giustolisi, Gabriele LenziniAbstract:To authenticate a web server, modern browsers check whether a TLS certificate is valid. This check is socio-technical because, when the technical validation fails, it may request the user to decide, intertwining the usual technical issues with social elements, … Continued

Interdisciplinary Research Group in Socio-technical CybersecuritySocio-technical formal analysis of TLS certificate validation in modern browsersBella, Giampaolo, Giustolisi Rosario, Lenzini GabrieleAbstract:Authenticating a web server is crucial to the security of web browsing. It relies on TLS certificate validation, a property whose enforcement may require getting the user involved. Thus, certificate validation is a socio-technical property - … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityDEMO: Demonstrating a Trust Framework for Evaluating GNSS Signal IntegrityXihui Chen, Carlo Harpes, Gabriele Lenzini, Miguel Martins, Sjouke Mauw, Jun PangAbstract:Through real-life experiments, it has been proved that spoofing is a practical threat to applications using the free civil service provided by Global Navigation Satellite Systems (GNSS). In this paper, … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityLocation Assurance and Privacy in GNSS NavigationChen Xihui, Harpes Carlo,Lenzini Gabriele, Mauw Sjouke, Pang JunAbstract:The growing popularity of location-based services such as GNSS (Global Navigation Satellite System) navigation requires confidence in the reliability of the calculated locations. The exploration of a user’s location also gives rise to severe privacy concerns. … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityA trust framework for evaluating GNSS signal integrityXihui Chen, Gabriele Lenzini, Martins Miguel, Sjouke Mauw, Jun PanAbstract:Through real-life experiments, it has been proved, not only in theory but also in practice, that civil signals of Global Navigation Satellite Systems (GNSS) can be spoofed. Consequently, a number of spoofing detection techniques … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityDesign and formal analysis of a group signature based electronic toll pricing systemChen Xihui, Lenzini Gabriele, Mauw Sjouke, Pang JunAbstract:Location-based vehicle services have been enduring a rapid growth with the prevalence of GNSS technologies, nowadays freely available for everyone. Given the nature of location data, privacy is of prime importance … Continued