The Framework of Security-Enhancing Friction: How UX Can Help Users Behave More Securely

Interdisciplinary Research Group in Socio-technical Cybersecurity

Verena Distler, Gabriele Lenzini, Carine Lallemand, and Vincent Koenig

Abstract: A growing body of research in the usable privacy and security community addresses the question of how to best influence user behavior to reduce risk-taking. We propose to address this … Continued

“The simplest protocol for oblivious transfer” revisited

Ziya Alper Genç, Vincenzo Iovino, Alfredo Rial

Abstract: In 2015, Chou and Orlandi presented an oblivious transfer protocol that already drew a lot of attention both from theorists and practitioners due to its extreme simplicity and high efficiency. Chou and Orlandi claimed that their protocol is … Continued

Dual-Use Research In Ransomware Attacks: A Discussion on Ransomware Defence Intelligence

Ziya Alper Genç, Gabriele Lenzini

Abstract: Previous research has shown that developers rely on public platforms and repositories to produce functional but insecure code. We looked into the matter for ransomware, enquiring whether also ransomware engineers re-use the work of others and … Continued

Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-Entropy Secrets

Itzel Vazquez Sandoval, Arash Atashpendar, Gabriele Lenzini

Abstract: We revisit the problem of entity authentication in decentralized end-to-end encrypted email and secure messaging to propose a practical and self-sustaining cryptographic solution based on password-authenticated key exchange (PAKE). This not … Continued

Transparency by Design in Data-Informed Research: a Collection of Information Design Patterns

Rossi Arianna, Lenzini Gabriele

Abstract: Oftentimes information disclosures describing personal data-gathering research activities are so poorly designed that participants fail to be informed and blindly agree to the terms, without grasping the rights they can exercise and the risks derived from … Continued

Can Visual Design Provide Legal Transparency? The Challenges for Successful Implementation of Icons for Data Protection

Rossi Arianna, Palmirani Monica

Abstract: Design is a key player in the future of data privacy and data protection. The General Data Protection Regulation (GDPR) established by the European Union aims to rebalance the information asymmetry between … Continued

Evaluating ambiguity of privacy indicators in a secure email app

Stojkovski Borce, Lenzini Gabriele

Abstract: Informing laymen of security situations is a notoriously hard problem. Users are usually not cognoscenti of all the various secure and insecure situations that may arise, and this can be further worsened by certain visual indicators that instead … Continued

Making the Case for Evidence-based Standardization of Data Privacy and Data Protection Visual Indicators

Rossi Arianna, Lenzini Gabriele

Abstract: Lately, icons have witnessed a growing wave of interest in the view of enhancing transparency and clarity of data processing practices in mandated disclosures. Although benefits in terms of comprehensibility, noticeability, navigability of the … Continued

Systematization of threats and requirements for private messaging with untrusted servers. The case of E-mailing and instant

Symeonidis Iraklis, Lenzini Gabriele

Abstract: Modern email and instant messaging applications often offer private communications. In doing so, they share common concerns about how security and privacy can be compromised, how they should face similar threats, … Continued

What’s in an Icon? Promises and Pitfalls of Data Protection Iconography

Rossi Arianna, Palmirani Monica

Abstract: Under the General Data Protection Regulation (GDPR), transparency of information becomes an obligation aimed at creating an ecosystem where data subjects understand and control what happens to their personal data. The definition of transparency stresses its user-centric … Continued