References of "Lenzini, Gabriele 50002200"
Peer Reviewed
A Framework for Analyzing Verifiability in Traditional and Electronic Exams.
Dreier, Jannik; Giustolisi, Rosario UL; Kassem, Ali et al

in Information Security Practice and Experience 11th International Conference, ISPEC 2015, Beijing, China, May 5-8, 2015 (2015)

Peer Reviewed
A Secure Exam Protocol Without Trusted Parties
Bella, Giampaolo; Giustolisi, Rosario UL; Lenzini, Gabriele UL et al

in ICT Systems Security and Privacy Protection. 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015 (2015)

Peer Reviewed
Maybe Poor Johnny Really Cannot Encrypt - The Case for a Complexity Theory for Usable Security
Benenson, Zinaida; Lenzini, Gabriele UL; Oliveira, Daniela et al

in Proc. of the New Security Paradigm Workshop (2015)

This paper discusses whether usable security is unattainable for some security tasks due to intrinsic bounds of human cognitive capacities. Will Johnny ever be able to encrypt? Psychology and neuroscience literature shows that there are upper bounds on the human capacity for executing cognitive tasks and for information processing. We argue that the usable security discipline should scientifically understand human capacities for security tasks, i.e., what we can realistically expect from people. We propose a framework for evaluation of human capacities in security that assigns socio-technical systems to complexity classes according to their security and usability. The upper bound of human capacity is considered the point at which people start experiencing cognitive strain while performing a task, because cognitive strain demonstrably leads to errors in the task execution. The ultimate goal of the work we initiate in this paper is to provide designers of security mechanisms or policies with the ability to say: "This feature of the security mechanism X or this security policy element Y is inappropriate, because this evidence shows that it is beyond people’s capacity".

Peer Reviewed
Principles of Persuasion in Social Engineering and Their Use in Phishing
Ferreira, Ana UL; Lenzini, Gabriele UL; Conventry, Lynne

in T. Tryfonas, I. Askoxylakis (Ed.) Human Aspects of Information Security, Privacy, and Trust Third International Conference, HAS 2015 (2015)

Research on marketing and deception has identified principles of persuasion that influence human decisions. However, this research is scattered: it focuses on specific contexts and produces different taxonomies. In regard to frauds and scams, three taxonomies are often referred to in the literature: Cialdini's principles of influence, Gragg's psychological triggers, and Stajano et al.'s principles of scams. It is unclear whether these relate but clearly some of their principles seem overlapping whereas others look complementary. We propose a way to connect those principles and present a merged and reviewed list for them. Then, we analyse various phishing emails and show that our principles are used therein in specific combinations. Our analysis of phishing is based on peer review and further research is needed to make it automatic, but the approach we follow, together with principles we propose, can be applied more consistently and more comprehensively than the original taxonomies.

Peer Reviewed
Envisioning secure and usable access control for patients
Ferreira, Ana UL; Lenzini, Gabriele UL; Santos-Pereira, Cátia et al

in IEEE 3rd International Conference on Serious Games and Applications in Healthcare (2014, May)

It has been observed in pilot tests that patients who are able to access their Electronic Health Records (EHR) become more responsible and involved in the maintenance of their health. Patients accessing their EHR can commit more faithfully to therapies, thus increasing their treatments’ success rate. However, despite being technologically feasible and legally possible, there is no validated or standardized toolset available yet for patients to review and manage their EHR. Many privacy, security and usability issues must be solved first before this practice can be made mainstream. This paper proposes and discusses the design of an access control visual application that addresses most of these issues, and offers patients a secure, controlled and easy access to their EHR.

Peer Reviewed
A Conceptual Framework to Study Socio-Technical Security
Ferreira, Ana UL; Huynen, Jean-Louis UL; Koenig, Vincent UL et al

in Lecture Notes in Computer Science (2014)

We propose an operational framework for a social, technical and contextual analysis of security. The framework provides guidelines about how to model a system as a layered set of interacting elements, and proposes two methodologies to analyse technical and social vulnerabilities. We show how to apply the framework in a use case scenario.

Peer Reviewed
Secure exams despite malicious management
Bella, Giampaolo; Giustolisi, Rosario UL; Lenzini, Gabriele UL

in Twelfth Annual International Conference on Privacy, Security and Trust (PST), Ryerson University, Toronto, July 23-24, 2014 (2014)

On the verifiability of (electronic) exams
Dreier, Jannik; Giustolisi, Rosario; Kassem, Ali et al

Report (2014)

The main concern for institutions that organize exams is to detect when students cheat. Actually more frauds are possible and even authorities can be dishonest. If institutions wish to keep exams a trustworthy business, anyone and not only the authorities should be allowed to look into an exam’s records and verify the presence or the absence of frauds. In short, exams should be verifiable. However, what verifiability means for exams is unclear and no tool to analyze an exam’s verifiability is available. In this paper we address both issues: we formalize several individual and universal verifiability properties for traditional and electronic exams, so proposing a set of verifiability properties and clarifying their meaning, then we implement our framework in ProVerif, so making it a tool to analyze exam verifiability. We validate our framework by analyzing the verifiability of two existing exam systems – an electronic and a paper-and-pencil system.

Peer Reviewed
Remark!: A Secure Protocol for Remote Exams
Giustolisi, Rosario UL; Lenzini, Gabriele UL; Ryan, Peter UL

in Security Protocols XXII - Lecture Notes in Computer Science (2014)

Peer Reviewed
Proceedings of the 2014 Workshop on Socio-Technical Aspects in Security and Trust, STAST 2014
Bella, Giampaolo; Lenzini, Gabriele UL

Scientific Conference (2014)

Peer Reviewed
Formal Analysis of Electronic Exams
Dreier, Jannik; Giustolisi, Rosario UL; Kassem, Ali et al

in SECRYPT 2014 - Proceedings of the 11th International Conference on Security and Cryptography, Vienna, Austria, 28-30 August, 2014 (2014)

Peer Reviewed
A Socio-Technical Methodology for the Security and Privacy Analysis of Services
Bella, Giampaolo; Curzon, Paul; Giustolisi, Rosario UL et al

in IEEE 38th Annual International Computers, Software and Applications Conference Workshops, 27–29 July 2014, Västerås, Sweden (2014)

Peer Reviewed
Socio-technical Security Analysis of Wireless Hotspots
Ferreira, Ana UL; Huynen, Jean-Louis UL; Koenig, Vincent UL et al

in Lecture Notes in Computer Science (2014)

We present a socio-technical analysis of security of Hotspot and Hotspot 2.0. The analysis is user-centric, and aims at understanding which user action can compromise security in the presence of an attacker. We identify research questions about possible factors that may affect users’ security decisions, and propose experiments to answer them.

Peer Reviewed
DEMO: Demonstrating a Trust Framework for Evaluating GNSS Signal Integrity
Chen, Xihui UL; Harpes, Carlo; Lenzini, Gabriele UL et al

in Proceedings of 20th ACM Conference on Computer and Communications Security (CCS'13) (2013, November)

Through real-life experiments, it has been proved that spoofing is a practical threat to applications using the free civil service provided by Global Navigation Satellite Systems (GNSS). In this paper, we demonstrate a prototype that can verify the integrity of GNSS civil signals. By integrity we intuitively mean that civil signals originate from a GNSS satellite without having been artificially interfered with. Our prototype provides interfaces that can incorporate existing spoofing detection methods whose results are then combined into an overall evaluation of the signal’s integrity, which we call integrity level. Considering the various security requirements from different applications, integrity levels can be calculated in many ways determined by their users. We also present an application scenario that deploys our prototype and offers a public central service – localisation assurance certification. Through experiments, we successfully show that our prototype is not only effective but also efficient in practice.

Peer Reviewed
On Tools for Socio-Technical Security Analysis
Ferreira, Ana UL; Giustolisi, Rosario UL; Huynen, Jean-Louis UL et al

Scientific Conference (2013, April 12)

Peer Reviewed
Studies in Socio-Technical Security Analysis: Authentication of Identities with TLS Certificates
Ferreira, Ana UL; Giustolisi, Rosario UL; Huynen, Jean-Louis UL et al

in IEEE TrustCom (2013)

Authenticating web identities with TLS certificates is a typical problem whose security depends on both technical and human aspects, and that needs, to be fully grasped, a socio-technical analysis. We performed such an analysis, and in this paper we comment on the tools and methodology we found appropriate. We first analysed the interaction ceremonies between users and the most used browsers in the market. Then we looked at user's understanding of those interactions. Our tools and our methodology depend on whether the user model has a non-deterministic or a realistic behaviour. We successfully applied formal methods in the first case. In the second, we had to define a security framework consistent with research methods of experimental cognitive science.

Peer Reviewed
Socio-Technical Study On the Effect of Trust and Context when Choosing WiFi Names
Ferreira, Ana UL; Huynen, Jean-Louis UL; Koenig, Vincent UL et al

in Lecture Notes in Computer Science (2013), 8203

We study trust and context as factors influencing how people choose wireless network names. Our approach imagines the mindset of a hypothetical attacker whose goal is to ensnare unsuspecting victims into accessing dishonest WiFi access points. For this purpose, we conducted an online survey. We used two separate forms. The first form asked a random group of participants to rate a list of wireless names according to their preferences (some real and others purposely made-up) and afterwards with implied trust in mind. The second form was designed to assess the effect of context and it asked a different set of respondents to rate the same list of wireless names in relation to four different contexts. Our results provide some evidence confirming the idea that trust and context can be exploited by an attacker by purposely, or strategically, naming WiFi access points with reference to trust or within certain contexts. We suggest, in certain cases, possible defence strategies.

Peer Reviewed
What Security for Electronic Exams?
Giustolisi, Rosario UL; Lenzini, Gabriele UL; Bella, Giampaolo

in 8th International Conference on Risk and Security of Internet and Systems (CRiSIS), 2013 (2013)

Peer Reviewed
Location Assurance and Privacy in GNSS Navigation
Chen, Xihui; Harpes, Carlo; Lenzini, Gabriele UL et al

in ERCIM News (2013), 2013(94),

The growing popularity of location-based services such as GNSS (Global Navigation Satellite System) navigation requires confidence in the reliability of the calculated locations. The exploration of a user’s location also gives rise to severe privacy concerns. Within an ESA (European Space Agency) funded project, we have developed a service that not only verifies the correctness of users’ locations but also enables users to control the accuracy of their revealed locations.
