A Formal Security Analysis of the pEp Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted Email

By

Interdisciplinary Research Group in Socio-technical CybersecurityA Formal Security Analysis of the pEp Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted EmailVazquez Sandoval Itzel, Lenzini GabrieleAbstract:To send encrypted emails, users typically need to create and exchange keys which later should be manually authenticated, for instance, by comparing long strings of characters. These tasks are cumbersome … Continued

Modelling of Railways Signalling System Requirements by Controlled Natural Languages: A Case Study

By

Interdisciplinary Research Group in Socio-technical CybersecurityModelling of Railways Signalling System Requirements by Controlled Natural Languages: A Case StudyGabriele Lenzini, Marinella PetrocchiAbstract:The railway sector has been a source of inspiration for generations of researchers challenged to develop models and tools to analyze safety and reliability. Threats were coming mainly from within, due to occasionally faults in … Continued

The DAta Protection REgulation COmpliance Model

By

Interdisciplinary Research Group in Socio-technical CybersecurityThe DAta Protection REgulation COmpliance ModelCesare Bartolini, Gabriele Lenzini, Livio RobaldoAbstract:Understanding whether certain technical measures comply with the General Data Protection Regulation's (GDPR's) principles is complex legal work. This article describes a model of the GDPR that allows for a semiautomatic processing of legal text and the leveraging of state-of-the-art … Continued

A Protocol to Strengthen Password-Based Authentication

By

Interdisciplinary Research Group in Socio-technical CybersecurityA Protocol to Strengthen Password-Based AuthenticationVazquez Sandoval Itzel, Lenzini Gabriele, Stojkovski BorceAbstract:We discuss a password-based authentication protocol that we argue to be robust against password-guessing and o-line dictionary attacks. The core idea is to hash the passwords with a seed that comes from an OTP device, making the resulting identity … Continued

Qualifying and Measuring Transparency: A Medical Data System Case Study

By

Interdisciplinary Research Group in Socio-technical CybersecurityQualifying and Measuring Transparency: A Medical Data System Case StudyDayana Spagnuelo, Cesare Bartolini, Gabriele LenziniAbstract:Transparency is a data processing principle enforced by the GDPR but purposely left open to interpretation. As such, the means to adhere to it are left unspecified. Article 29 Working Party provides practical guidance on how … Continued

Experience report: How to extract security protocols’ specifications from C libraries

By

Interdisciplinary Research Group in Socio-technical CybersecurityExperience report: How to extract security protocols’ specifications from C librariesItzel Vazquez Sandoval, Gabriele LenziniAbstract:Often, analysts have to face a challenging situation when formally verifying the implementation of a security protocol: they need to build a model of the protocol from only poorly or not documented code, and with little … Continued

A Security Analysis, and a Fix, of a Code-Corrupted Honeywords System

By

Interdisciplinary Research Group in Socio-technical CybersecurityA Security Analysis, and a Fix, of a Code-Corrupted Honeywords SystemGenç Ziya Alper, Lenzini Gabriele, Ryan Peter, Vazquez Sandoval ItzelAbstract:In 2013 Juels and Rivest introduced the Honeywords System, a password-based authentication system designed to detect when a password file has been stolen. A Honeywords System stores passwords together with indistinguishable … Continued

Towards legal compliance by correlating Standards and Laws with a semi-automated methodology

By

Interdisciplinary Research Group in Socio-technical CybersecurityTowards legal compliance by correlating Standards and Laws with a semi-automated methodologyCesare Bartolini, Andra Giurgiu, Gabriele Lenzini, Livio RobaldoAbstract:Since generally legal regulations do not provide clear parameters to determine when their requirements are met, achieving legal compliance is not trivial. The adoption of standards could help create an argument of … Continued

Law and the software development life cycle

By

Interdisciplinary Research Group in Socio-technical CybersecurityLaw and the software development life cycleBartolini Cesare, Lenzini GabrieleAbstract:The increasing demand of reliable software services and the dependability that our daily personal and professional life have on them is bringing significant changes in the domain of software service engineering. One of the most revolutionary is the introduction of regulations, … Continued