Interdisciplinary Research Group in Socio-technical CybersecurityA Socio-technical Understanding of TLS Certificate ValidationGiampaolo Bella, Rosario Giustolisi, Gabriele LenziniAbstract:To authenticate a web server, modern browsers check whether a TLS certificate is valid. This check is socio-technical because, when the technical validation fails, it may request the user to decide, intertwining the usual technical issues with social elements, … Continued

Interdisciplinary Research Group in Socio-technical CybersecuritySocio-technical formal analysis of TLS certificate validation in modern browsersBella, Giampaolo, Giustolisi Rosario, Lenzini GabrieleAbstract:Authenticating a web server is crucial to the security of web browsing. It relies on TLS certificate validation, a property whose enforcement may require getting the user involved. Thus, certificate validation is a socio-technical property - … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityDEMO: Demonstrating a Trust Framework for Evaluating GNSS Signal IntegrityXihui Chen, Carlo Harpes, Gabriele Lenzini, Miguel Martins, Sjouke Mauw, Jun PangAbstract:Through real-life experiments, it has been proved that spoofing is a practical threat to applications using the free civil service provided by Global Navigation Satellite Systems (GNSS). In this paper, … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityLocation Assurance and Privacy in GNSS NavigationChen Xihui, Harpes Carlo,Lenzini Gabriele, Mauw Sjouke, Pang JunAbstract:The growing popularity of location-based services such as GNSS (Global Navigation Satellite System) navigation requires confidence in the reliability of the calculated locations. The exploration of a user’s location also gives rise to severe privacy concerns. … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityA trust framework for evaluating GNSS signal integrityXihui Chen, Gabriele Lenzini, Martins Miguel, Sjouke Mauw, Jun PanAbstract:Through real-life experiments, it has been proved, not only in theory but also in practice, that civil signals of Global Navigation Satellite Systems (GNSS) can be spoofed. Consequently, a number of spoofing detection techniques … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityDesign and formal analysis of a group signature based electronic toll pricing systemChen Xihui, Lenzini Gabriele, Mauw Sjouke, Pang JunAbstract:Location-based vehicle services have been enduring a rapid growth with the prevalence of GNSS technologies, nowadays freely available for everyone. Given the nature of location data, privacy is of prime importance … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityStudies in Socio-Technical Security Analysis: Authentication of Identities with TLS CertificatesAna Ferreira, Rosario Giustolisi, Jean-Louis Huynen, Vincent Koenig, Gabriele LenziniAbstract:Authenticating web identities with TLS certificates is a typical problem whose security depends on both technical and human aspects, and that needs, to be fully grasped, a socio-technical analysis. We performed … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityOn Tools for Socio-Technical Security AnalysisFerreira Ana, Giustolisi Rosario, Huynen Jean-Louis, Lenzini GabrieleAbstract:Many systems are hacked daily and apparently without much effort. This happens because hackers prefer not to break security mechanisms immediately, but rather to target unguarded components first. Such components, e.g., users and human-computer ceremonies, are hacked by … Continued

Interdisciplinary Research Group in Socio-technical CybersecuritySocio-Technical Study On the Effect of Trust and Context when Choosing WiFi NamesFerreira Ana, Huynen Jean-Louis, Koenig Vincent, Lenzini Gabriele, Rivas SalvadorAbstract:We study trust and context as factors influencing how people choose wireless network names. Our approach imagines the mindset of a hypothetical attacker whose goal is to ensnare unsuspecting … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityWhat Security for Electronic Exams?Giustolisi Rosario, Lenzini Gabriele, Bella GiampaoloAbstract:Electronic exam systems are pieces of software employed in online educations to assess performances of students. However, both the security of the protocols they reply upon and a general understanding of the possible threats is still to be met. This manuscript … Continued