Service security and privacy as a socio-technical problem

Interdisciplinary Research Group in Socio-technical Cybersecurity
Bella Giampaolo, Curzon Paul, Lenzini Gabriele
Abstract: The security and privacy of the data that users transmit, more or less deliberately, to modern services is an open problem. It is not solely limited to the actual Internet traversal, a sub-problem vastly tackled by consolidated research …

A Secure Exam Protocol Without Trusted Parties

Giampaolo Bella, Rosario Giustolisi, Gabriele Lenzini, Peter Y. A. Ryan
Abstract: Relying on a trusted third party (TTP) in the design of a security protocol introduces obvious risks. Although the risks can be mitigated by distributing the trust across several parties, it still requires at least …

4.2 Social Dynamics Metrics-Working Group Report

Zinaida Benenson, Sören Bleikertz, Simon N. Foley, Carlo Harpes, Stewart Kowalski, Gabriele Lenzini, Daniela Oliveira, Simon Parkin, Shari Lawrence Pfleeger, Paul Smith, Sven Übelacker
Abstract: Individuals continually interact with security mechanisms when performing tasks in everyday life. These tasks may serve personal goals or work goals, be individual or shared. These …

Maybe Poor Johnny Really Cannot Encrypt – The Case for a Complexity Theory for Usable Security

Zinaida Benenson, Gabriele Lenzini, Daniela Oliveira, Simon Parkin, Sven Uebelacker
Abstract: Psychology and neuroscience literature shows the existence of upper bounds on the human capacity for executing cognitive tasks and for information processing. These bounds are where, …

A Framework for Analyzing Verifiability in Traditional and Electronic Exams

Jannik Dreier, Rosario Giustolisi, Ali Kassem, Pascal Lafourcade, Gabriele Lenzini
Abstract: The main concern for institutions that organize exams is to detect when students cheat. Actually more frauds are possible and even authorities can be dishonest. If institutions wish to keep exams a …

Formal Security Analysis of Traditional and Electronic Exams

Jannik Dreier, Rosario Giustolisi, Ali Kassem, Pascal Lafourcade, Gabriele Lenzini, Peter Y. A. Ryan
Abstract: Nowadays, students can be assessed not only by means of pencil-and-paper tests, but also by electronic exams which they take in examination centers or even from home. Electronic exams are …

In Cyber-Space No One Can Hear You S·CREAM, A Root Cause Analysis for Socio-Technical Security

Ana Ferreira, Jean-Louis Huynen, Vincent Koenig, Gabriele Lenzini
Abstract: Inspired by the root cause analysis techniques that in the field of safety research and practice help investigators understand the reasons of an incident, this paper investigates the use …

Do Graphical Cues Effectively Inform Users? A Socio-Technical Security Study in Accessing Wifi Networks

Ana Ferreira, Jean-Louis Huynen, Vincent Koenig, Gabriele Lenzini, Salvador Rivas
Abstract: We study whether the padlock and the signal strength bars, two visual cues shown in network managers, convey their intended messages. Since users often choose insecure networks when …

An Analysis of Social Engineering Principles in Effective Phishing

Ana Ferreira, Gabriele Lenzini
Abstract: Phishing is a widespread practice and a lucrative business. It is invasive and hard to stop: a company needs to worry about all emails that all employees receive, while an attacker only needs to have a response from a …

Principles of Persuasion in Social Engineering and Their Use in Phishing

Ana Ferreira, Lynne Coventry, Gabriele Lenzini
Abstract: Research on marketing and deception has identified principles of persuasion that influence human decisions. However, this research is scattered: it focuses on specific contexts and produces different taxonomies. In regard to frauds and scams, three …