References of "Lenzini, Gabriele 50002200"
Full Text
Peer Reviewed
Complex, but in a good way? How to represent encryption to non-experts through text and visuals – Evidence from expert co-creation and a vignette experiment
Distler, Verena UL; Gutfleisch, Tamara; Lallemand, Carine UL et al

in Computers in Human Behavior Reports (2022), 4

An ongoing discussion in the field of usable privacy and security debates whether security mechanisms should be visible to end-users during interactions with technology, or hidden away. This paper addresses this question using a mixed-methods approach, focusing on encryption as a mechanism for confidentiality during data transmission on a smartphone application. In study 1, we conducted a qualitative co-creation study with security and Human-Computer Interaction (HCI) experts (N = 9) to create appropriate textual and visual representations of the security mechanism encryption in data transmission. We investigated this question in two contexts: online banking and e-voting. In study 2, we put these ideas to the test by presenting these visual and textual representations to non-expert users in an online vignette experiment (N = 2180). We found a statistically significant and positive effect of the textual representation of encryption on perceived security and understanding, but not on user experience (UX). More complex text describing encryption resulted in higher perceived security and more accurate understanding. The visual representation of encryption had no statistically significant effect on perceived security, UX or understanding. Our study contributes to the larger discussion regarding visible instances of security and their impact on user perceptions.

Full Text
Peer Reviewed
An Analysis of Cholesteric Spherical Reflector Identifiers for Object Authenticity Verification
Arenas Correa, Monica Patricia UL; Demirci, Huseyin UL; Lenzini, Gabriele UL

in Machine Learning and Knowledge Extraction (2022), 4(1), 222-239

Arrays of Cholesteric Spherical Reflectors (CSRs), microscopic cholesteric liquid crystals in a spherical shape, have been argued to become a game-changing technology in anti-counterfeiting. Used to build identifiable tags or coating, called CSR IDs, they can supply objects with unclonable fingerprint-like characteristics, making it possible to authenticate objects. In a previous study, we have shown how to extract minutiæ from CSR IDs. In this journal version, we build on that previous research, consolidate the methodology, and test it over CSR IDs obtained by different production processes. We measure the robustness and reliability of our procedure on large and variegate sets of CSR IDs’ images taken with a professional microscope (Laboratory Data set) and with a microscope that could be used in a realistic scenario (Realistic Data set). We measure intra-distance and inter-distance, proving that we can distinguish images coming from the same CSR ID from images of different CSR IDs. However, without surprise, images in Laboratory Data set have an intra-distance that on average is less, and with less variance, than the intra-distance between responses from Realistic Data set. With this evidence, we discuss a few requirements for an anti-counterfeiting technology based on CSRs.

Full Text
Peer Reviewed
Privacy-preserving Copy Number Variation Analysis with Homomorphic Encryption
Demirci, Huseyin UL; Lenzini, Gabriele UL

Scientific Conference (2022)

Innovative pharma-genomics and personalized medicine services are now possible thanks to the availability for processing and analysis of a large amount of genomic data. Operating on such databases, it is possible to test for predisposition to diseases by searching for genomic variants on whole genomes as well as on exomes, which are collections of protein coding regions called exons. Genomic data are therefore shared amongst research institutes, public/private operators, and third parties, creating issues of privacy, ethics, and data protection because genome data are strictly personal and identifying. To prevent damages that could follow a data breach—a likely threat nowadays—and to be compliant with current data protection regulations, genomic data files should be encrypted, and the data processing algorithms should be privacy-preserving. Such a migration is not always feasible: not all operations can be implemented straightforwardly to be privacy-preserving; a privacy-preserving version of an algorithm may not be as accurate for the purpose of biomedical analysis as the original; or the privacy-preserving version may not scale up when applied to genomic data processing because of inefficiency in computation time. In this work, we demonstrate that at least for a well-known genomic data procedure for the analysis of copy number variants called copy number variations (CNV) a privacy-preserving analysis is possible and feasible. Our algorithm relies on Homomorphic Encryption, a cryptographic technique to perform calculations directly on the encrypted data. We test our implementation for performance and reliability, giving evidence that it is practical to study copy number variations and preserve genomic data privacy. Our proof-of-concept application successfully and efficiently searches for a patient’s somatic copy number variation changes by comparing the patient gene coverage in the whole exome with a healthy control exome coverage.
Since all the genomics data are securely encrypted, the data remain protected even if they are transmitted or shared via an insecure environment like a public cloud. Being this the first study for privacy-preserving copy number variation analysis, we demonstrate the potential of recent Homomorphic Encryption tools in genomic applications.

Full Text
Peer Reviewed
A Systematic Literature Review of Empirical Methods and Risk Representation in Usable Privacy and Security Research
Distler, Verena UL; Fassl, Matthias; Habib, Hana et al

in ACM Transactions on Computer-Human Interaction (2021), 28(6), 50

Usable privacy and security researchers have developed a variety of approaches to represent risk to research participants. To understand how these approaches are used and when each might be most appropriate, we conducted a systematic literature review of methods used in security and privacy studies with human participants. From a sample of 633 papers published at five top conferences between 2014 and 2018 that included keywords related to both security/privacy and usability, we systematically selected and analyzed 284 full-length papers that included human subjects studies. Our analysis focused on study methods; risk representation; the use of prototypes, scenarios, and educational intervention; the use of deception to simulate risk; and types of participants. We discuss benefits and shortcomings of the methods, and identify key methodological, ethical, and research challenges when representing and assessing security and privacy risk. We also provide guidelines for the reporting of user studies in security and privacy.

Full Text
Peer Reviewed
What's in a Cyber Threat Intelligence sharing platform?: A mixed-methods user experience investigation of MISP
Stojkovski, Borce UL; Lenzini, Gabriele UL; Koenig, Vincent UL et al

in Annual Computer Security Applications Conference (ACSAC ’21) (2021, December)

The ever-increasing scale and complexity of cyber attacks and cyber-criminal activities necessitate secure and effective sharing of cyber threat intelligence (CTI) among a diverse set of stakeholders and communities. CTI sharing platforms are becoming indispensable tools for cooperative and collaborative cybersecurity. Nevertheless, despite the growing research in this area, the emphasis is often placed on the technical aspects, incentives, or implications associated with CTI sharing, as opposed to investigating challenges encountered by users of such platforms. To date, user experience (UX) aspects remain largely unexplored. This paper offers a unique contribution towards understanding the constraining and enabling factors of security information sharing within one of the leading platforms. MISP is an open source CTI sharing platform used by more than 6,000 organizations worldwide. As a technically-advanced CTI sharing platform it aims to cater for a diverse set of security information workers with distinct needs and objectives. In this respect, MISP has to pay an equal amount of attention to the UX in order to maximize and optimize the quantity and quality of threat information that is contributed and consumed. Using mixed methods we shed light on the strengths and weaknesses of MISP from an end-users’ perspective and discuss the role UX could play in effective CTI sharing. We conclude with an outline of future work and open challenges worth further exploring in this nascent, yet highly important socio-technical context.

Full Text
Peer Reviewed
PakeMail: Authentication and Key Management in Decentralized Secure Email and Messaging via PAKE
Vazquez Sandoval, Itzel UL; Atashpendar, Arash; Lenzini, Gabriele UL et al

in Obaidat, Mohammad S.; Ben-Othman, Jalel (Eds.) E-Business and Telecommunications - 17th International Conference on E-Business and Telecommunications, ICETE 2020, Online Event, July 8-10, 2020, Revised Selected Papers. (2021, October)

We propose the use of password-authenticated key exchange (PAKE) for achieving and enhancing entity authentication (EA) and key management (KM) in the context of decentralized end-to-end encrypted email and secure messaging, i.e., without a public key infrastructure or a trusted third party. This not only simplifies the EA process by requiring users to share only a low-entropy secret such as a memorable word, but it also allows us to establish a high-entropy secret key. This approach enables a series of cryptographic enhancements and security properties, which are hard to achieve using out-of-band (OOB) authentication. We first study a few vulnerabilities in voice-based OOB authentication, in particular a combinatorial attack against lazy users, which we analyze in the context of a secure email solution. We then propose tackling public key authentication by solving the problem of secure equality test using PAKE and discuss various protocols and their properties. This method enables the automation of important KM tasks such as key renewal and future key pair authentications, reduces the impact of human errors and lends itself to the asynchronous nature of email and modern messaging. It also provides cryptographic enhancements including multi-device synchronization, and secure secret storage/retrieval, and paves the path for forward secrecy, deniability and post-quantum security. We also discuss the use of auditable PAKEs for mitigating a class of online guess and abort attacks in authentication protocols. We present an implementation of our proposal, called PakeMail, to demonstrate the feasibility of the core idea and discuss some of its cryptographic details, implemented features and efficiency aspects. We conclude with some design and security considerations, followed by future lines of work.

Full Text
Peer Reviewed
Cholesteric Spherical Reflectors as Physical Unclonable Identifiers in Anti-counterfeiting
Arenas Correa, Monica Patricia UL; Demirci, Huseyin UL; Lenzini, Gabriele UL

in Journal of the Association for Computing Machinery (2021, August 17), 16

Full Text
Peer Reviewed
"Unless One Does the Research, It May Seem as Just a Useless Battery-Consuming App" - Field Notes on COVID-19 Contact Tracing Applications
Stojkovski, Borce UL; Abu-Salma, Ruba; Triquet, Karen et al

in Digital Threats: Research and Practice (2021)

Globally, countries have been developing contact tracing applications to control the spread of the Coronavirus (COVID-19) disease. In this work, we present the findings of eight focus groups we conducted with participants living in France and Germany, to explore why they decided to adopt, or not adopt, a contact tracing application as well as understand how they perceived the benefits/drawbacks and the threat model of a contact tracing application.

Full Text
Peer Reviewed
Cut-and-Mouse and Ghost Control: Exploiting Antivirus Software with Synthesized Inputs
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Sgandurra, Daniele

in Digital Threats: Research and Practice (2021), 2(1),

To protect their digital assets from malware attacks, most users and companies rely on antivirus (AV) software. AVs' protection is a full-time task against malware: This is similar to a game where malware, e.g., through obfuscation and polymorphism, denial of service attacks, and malformed packets and parameters, tries to circumvent AV defences or make them crash. However, AVs react by complementing signature-based detection with anomaly or behavioral analysis, and by using OS protection, standard code, and binary protection techniques. Further, malware counter-acts, for instance, by using adversarial inputs to avoid detection, and so on. In this cat-and-mouse game, a winning strategy is trying to anticipate the move of the adversary by looking into one's own weaknesses, seeing how the adversary can penetrate them, and building up appropriate defences or attacks. In this article, we play the role of malware developers and anticipate two novel moves for the malware side to demonstrate the weakness in the AVs and to improve the defences in AVs' side. The first one consists in simulating mouse events to control AVs, namely, to send them mouse "clicks" to deactivate their protection. We prove that many AVs can be disabled in this way, and we call this class of attacks Ghost Control. The second one consists in controlling whitelisted applications, such as Notepad, by sending them keyboard events (such as "copy-and-paste") to perform malicious operations on behalf of the malware. We prove that the anti-ransomware protection feature of AVs can be bypassed if we use Notepad as a "puppet" to rewrite the content of protected files as a ransomware would do. Playing with the words, and recalling the cat-and-mouse game, we call this class of attacks Cut-and-Mouse. We tested these two attacks on 29 AVs, and the results show that 14 AVs are vulnerable to Ghost Control attack while all 29 AV programs tested are found vulnerable to Cut-and-Mouse.
Furthermore, we also show some weaknesses in additional protection mechanisms of AVs, such as sandboxing and CAPTCHA verification. We have engaged with the affected AV companies, and we reported the disclosure communication with them and their responses.

Addressing Hate Speech with Data Science: An Overview from Computer Science Perspective
Lenzini, Gabriele UL; Srba; Pikuliak, Matus et al

E-print/Working paper (2021)

From a computer science perspective, addressing on-line hate speech is a challenging task that is attracting the attention of both industry (mainly social media platform owners) and academia. In this chapter, we provide an overview of state-of-the-art data-science approaches - how they define hate speech, which tasks they solve to mitigate the phenomenon, and how they address these tasks. We limit our investigation mostly to (semi-)automatic detection of hate speech, which is the task that the majority of existing computer science works focus on. Finally, we summarize the challenges and the open problems in the current data-science research and the future directions in this field. Our aim is to prepare an easily understandable report, capable to promote the multidisciplinary character of hate speech research. Researchers from other domains (e.g., psychology and sociology) can thus take advantage of the knowledge achieved in the computer science domain but also contribute back and help improve how computer science is addressing that urgent and socially relevant issue which is the prevalence of hate speech in social media.

Full Text
Peer Reviewed
A workflow and toolchain proposal for analyzing users’ perceptions in cyber threat intelligence sharing platforms
Stojkovski, Borce UL; Lenzini, Gabriele UL

in 2021 IEEE International Conference on Cyber Security and Resilience (CSR) (2021)

Cyber Threat Intelligence (CTI) sharing platforms are valuable tools in cybersecurity. However, despite the fact that effective CTI exchange highly depends on human aspects, cyber behavior in CTI sharing platforms has been notably less investigated by the security research community. Motivated by this research gap, we ground our work in the concrete challenge of understanding users’ perceptions of information sharing in CTI platforms. To this end, we propose a conceptual workflow and toolchain that would seek to verify whether users have an accurate comprehension of how far information travels when shared in a CTI sharing platform. We contextualize our concept within MISP as a use case, and discuss the benefits of our socio-technical approach as a potential tool for security analysis, simulation, or education/training support. We conclude with a brief outline of future work that would seek to evaluate and validate the proposed model.

Data protection in the context of covid-19. A short (hi)story of tracing applications.
Poillot, Elise UL; Lenzini, Gabriele UL; Resta, Giorgio et al

Book published by RomaTrE-Press (2021)

The volume presents the results of a research project (named “Legafight”) funded by the Luxembourg Fond National de la Recherche in order to verify if and how digital tracing applications could be implemented in the Grand-Duchy in order to counter and abate the Covid-19 pandemic. This inevitably brought to a deep comparative overview of the various existing models, starting from that of the European Union and those put into practice by Belgium, France, Germany and Italy, with attention also to some Anglo-Saxon approaches (the UK and Australia). Not surprisingly the main issue which had to be tackled was that of the protection of the personal data collected through the tracing applications, their use by public health authorities and the trust laid in tracing procedures by citizens. Over the last 18 months tracing apps have registered a rise, a fall, and a sudden rebirth as mediums devoted not so much to collect data, but rather to distribute real time information which should allow informed decisions and be used as repositories of health certifications.

Peer Reviewed
Lessons to be learnt from the crisis. The Rise and Fall (and Rise?) of Tracing Application
Poillot, Elise UL; Resta, Giorgio; Zeno-Zencovich, Vincenzo et al

in Poillot, Elise; Resta, Giorgio; Zeno-Zencovich, Vincenzo (Eds.) et al Data Protection in the Context of Covid-19. A Short (Hi)story of Tracing Applications (2021)

Full Text
Peer Reviewed
Which Properties has an Icon? A Critical Discussion on Evaluation Methods for Standardised Data Protection Iconography
Rossi, Arianna UL; Lenzini, Gabriele UL

in Proceedings of the 8th Workshop on Socio-Technical Aspects in Security and Trust (STAST) (2021)

Following GDPR's Article 12.7's proposal to use standardized icons to inform data subject in "an easily visible, intelligible and clearly legible manner," several icon sets have been developed. In this paper, we firstly critically review some of those proposals. We then examine the properties that icons and icon sets should arguably fulfill according to Art. 12's transparency provisions. Lastly, we discuss metrics and evaluation procedures to measure compliance with the Article.

Full Text
Peer Reviewed
The French National Framework of Tracing Applications
Poillot, Elise UL; Lenzini, Gabriele UL

in Poillot, Elise; Lenzini, Gabriele; Resta, Giorgio (Eds.) Data Protection in the Context of Covid-19. A Short (Hi)story of Tracing Applications (2021)

available on line (click on scarica): https://romatrepress.uniroma3.it/libro/data-protection-in-the-context-of-covid-19-a-short-history-of-tracing-applications/

Full Text
Peer Reviewed
"I am definitely manipulated, even when I am aware of it. It’s ridiculous!" - Dark Patterns from the End-User Perspective
Bongard-Blanchy, Kerstin UL; Rossi, Arianna UL; Rivas, Salvador UL et al

in Proceedings of ACM DIS Conference on Designing Interactive Systems (2021)

Online services pervasively employ manipulative designs (i.e., dark patterns) to influence users to purchase goods and subscriptions, spend more time on-site, or mindlessly accept the harvesting of their personal data. To protect users from the lure of such designs, we asked: are users aware of the presence of dark patterns? If so, are they able to resist them? By surveying 406 individuals, we found that they are generally aware of the influence that manipulative designs can exert on their online behaviour. However, being aware does not equip users with the ability to oppose such influence. We further find that respondents, especially younger ones, often recognise the "darkness" of certain designs, but remain unsure of the actual harm they may suffer. Finally, we discuss a set of interventions (e.g., bright patterns, design frictions, training games, applications to expedite legal enforcement) in the light of our findings.

Full Text
Peer Reviewed
"I Personally Relate It to the Traffic Light": A User Study on Security & Privacy Indicators in a Secure Email System Committed to Privacy by Default
Stojkovski, Borce UL; Lenzini, Gabriele UL; Koenig, Vincent UL

in Proceedings of the 36th Annual ACM Symposium on Applied Computing (2021)

Improving the usability and adoption of secure (i.e. end-to-end encrypted) email systems has been a notorious challenge for over two decades. One of the open questions concerns the amount and format of information that should be communicated to users to inform them of the security and privacy properties with respect to different messages or correspondents. Contributing to the ongoing discussion on the usability and effectiveness of security and privacy indicators, particularly in the context of systems targeting non-expert users, this paper sheds light on users' evaluation of traffic light-inspired indicators, as a metaphor to represent different privacy states and guarantees, provided by a new system for email end-to-end encryption called p≡p. Using a mixed-methods approach, based on input gathered from 150 participants in three online studies, we highlight the pros and cons of the traffic light semantic in p≡p's context and beyond, and discuss the potential implications on the perceived security and use of such systems.
