{"title":"Incidental Incremental In-Band Fingerprint Verification: a Novel Authentication Ceremony for End-to-End Encrypted Messaging","authors":"Nathan Malkin","doi":"10.1145/3584318.3584326","DOIUrl":"https://doi.org/10.1145/3584318.3584326","url":null,"abstract":"End-to-end encryption in popular messaging applications relies on centralized key servers. To keep these honest, users are supposed to meet in person and compare “fingerprints” of their public keys. Very few people do this, despite attempts to make this process more usable, making trust in the systems tenuous. To encourage broader adoption of verification behaviors, this paper proposes a new type of authentication ceremony, incidental incremental in-band fingerprint verification (I3FV), in which users periodically share with their friends photos or videos of themselves responding to simple visual or behavioral prompts (“challenges”). This strategy allows verification to be performed incidentally to normal user activities, incrementally over time, and in-band within the messaging application. By replacing a dedicated security task with a fun, already-widespread activity, I3FV has the potential to vastly increase the number of people verifying keys and therefore strengthen trust in encrypted messaging.","PeriodicalId":383761,"journal":{"name":"Proceedings of the 2022 New Security Paradigms Workshop","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128988947","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cybersecurity Regrets: I’ve had a few.... Je Ne Regrette","authors":"K. Renaud, R. Searle, M. Dupuis","doi":"10.1145/3584318.3584319","DOIUrl":"https://doi.org/10.1145/3584318.3584319","url":null,"abstract":"James Baldwin says: “though we would like to live without regrets, and sometimes proudly insist that we have none, this is not really possible, if only because we are mortal”. The field of cybersecurity has its fair share of poor outcomes, some of which are bound to be due to regrettable actions. Similar to other negative emotions, such as fear and shame, it is likely that organisations are using anticipated regret as a behavioural control mechanism in the cybersecurity domain. We explore the nature and characteristics of cyber-related regrets, and the extent to which regret (both anticipated and experienced) influences future cybersecurity decisions. We derive a process model of regret and report on the way cybersecurity regrets occur, what their outcomes are, and how people experience them. We conclude with suggested directions for future research.","PeriodicalId":383761,"journal":{"name":"Proceedings of the 2022 New Security Paradigms Workshop","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132159073","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"“It may be a pain in the backside but...” Insights into the resilience of business after GDPR","authors":"G. Buckley, T. Caulfield, Ingolf Becker","doi":"10.1145/3584318.3584320","DOIUrl":"https://doi.org/10.1145/3584318.3584320","url":null,"abstract":"The General Data Protection Regulation (GDPR) came into effect in May 2018 and is designed to safeguard European Union (EU) citizens’ data privacy. The benefits of the regulation to consumers’ rights and to regulators’ powers are well known. The benefits to regulated businesses are less obvious and under-researched. We conduct exploratory research into understanding the socio-technical impacts and resilience of business in the face of a major new disruptive regulation. In particular, we investigate if GDPR is all pain and no gain. Using semi-structured interviews, we survey 14 senior-level executives responsible for business, finance, marketing, compliance and technology drawn from six companies in the UK and Ireland. We find the threat of fines has focused the corporate mind and made business more privacy aware. Organisationally, it has created new power bases within companies to advocate GDPR. It has forced companies to modernise their platforms and indirectly benefited them with better risk management processes, information security infrastructure and up to date customer databases. Compliance, for some, is used as a reputational signal of trustworthiness. Many implementation challenges remain. New business development and intra-company communication is more constrained. Regulation has increased costs and internal bureaucracy. Grey areas remain due to a lack of case law. Disgruntled customers and ex-employees weaponise Subject Access Requests (SAR) as a tool of retaliation. All small and medium-sized businesses in our sample see GDPR as overkill and overwhelming. We conclude GDPR may be regarded as a pain by business but it has made it more careful with data. 
It created a short-term disruption that monopolised IT budgets in the run-up to GDPR and created a long-term disruption to company politics as Compliance and Information Security leverage the regulation for budget and control. The rising trend in the number of fines issued by national data protection regulators and the establishment of new case law will continue to reshape organisations.","PeriodicalId":383761,"journal":{"name":"Proceedings of the 2022 New Security Paradigms Workshop","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129945491","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Toward User Control over Information Access: A Sociotechnical Approach","authors":"Caleb Malchik, J. Feigenbaum","doi":"10.1145/3584318.3584327","DOIUrl":"https://doi.org/10.1145/3584318.3584327","url":null,"abstract":"We study the relationship between Web users and service providers, taking a sociotechnical approach and focusing particularly (but not exclusively) on privacy and security of personal data. Much conventional Web-security practice seeks to protect benevolent parties, both individuals and organizations, against purely malevolent adversaries in an effort to prevent catastrophic events such as data breaches, ransomware attacks, and denial of service. By contrast, we highlight the dynamics among the parties that much conventional security technology seeks to protect. We regard most interactions between users and providers as implicit negotiations that, like the interactions between buyers and sellers in a marketplace, have both adversarial and cooperative aspects. Our goal is to rebalance these negotiations in order to give more power to users; toward that end we advocate the adoption of two techniques, one technical and one organizational. Technically, we introduce the Platform for Untrusted Resource Evaluation (PURE), a content-labeling framework that empowers users to make informed decisions about service providers, reduces the ability of providers to induce behaviors that benefit them more than users, and requires minimal time and effort to use. On the organizational side, we concur with Gordon-Tapiero et al. 
[19] that a collective approach is necessary to rebalance the power dynamics between users and providers; in particular, we suggest that the data co-op, an organizational form suggested by Ligett and Nissim [25] and Pentland and Hardjono [28], is a natural setting in which to deploy PURE and similar tools.","PeriodicalId":383761,"journal":{"name":"Proceedings of the 2022 New Security Paradigms Workshop","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130663043","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Autonomous Vehicle Security: Composing Attack, Defense, and Policy Surfaces","authors":"Michael Clifford, Miriam Heller, K. Levitt, M. Bishop","doi":"10.1145/3584318.3584325","DOIUrl":"https://doi.org/10.1145/3584318.3584325","url":null,"abstract":"An attack surface enumerates resources accessible to an attacker for cyber attacks on a system. These resources are: methods that can be called as part of an attack; channels that an attacker outside the system can use to get to a system’s interface; and untrusted data that an attacker can use in conjunction with the system’s programs and channels. Historically, a system’s attack surface has provided a metric on the vulnerability of a system, in part to compare two systems’ exposure to attack. In this paper we extend the attack surface to (1) include rules on the system’s methods and channels that if enforced would prevent many attacks, and (2) be a composition of more primitive surfaces each characterizing vulnerabilities associated with types of resources, application-specific or system-specific, e.g., files, directories, and channels. We also introduce two additional surfaces. The defense surface identifies system mechanisms that can thwart cyber-attacks through prevention, or through detection followed by mitigation of an attack in progress and then system restoration. The policy surface defines the security policy of a system as reflected by constraints on its interface expected to be satisfied in the system’s operation. The security policy for a corporation would include steps the organization takes to prevent attacks and actions required to address a security incident. More relevant to this paper, the security policy for a community of autonomous vehicles would specify the minimum separation among vehicles that must be maintained even in the presence of a cyber-attack, i.e. a (safety) property. 
Through an analysis of the intersection of the three surfaces, it is, in principle, possible to determine if a defense exists for every attack that causes a policy violation. And, through computationally-efficient model checking, the defense action can be identified. If more than one defense action exists, model checking will identify all of them, thus enabling the selection of the optimal action based on criteria associated with a CAV.","PeriodicalId":383761,"journal":{"name":"Proceedings of the 2022 New Security Paradigms Workshop","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127865653","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Side Auth: Synthesizing Virtual Sensors for Authentication","authors":"Yan Long, Kevin Fu","doi":"10.1145/3584318.3584321","DOIUrl":"https://doi.org/10.1145/3584318.3584321","url":null,"abstract":"While the embedded security research community aims to protect systems by reducing analog sensor side channels, our work argues that sensor side channels can be beneficial to defenders. This work introduces the general problem of synthesizing virtual sensors from existing circuits to authenticate physical sensors’ measurands. We investigate how to apply this approach and present a preliminary analytical framework and definitions for sensors side channels. To illustrate the general concept, we provide a proof-of-concept case study to synthesize a virtual inertial measurement unit from a camera motion side channel. Our work also provides an example of applying this technique to protect facial recognition against silicon mask spoofing attacks. Finally, we discuss downstream problems of how to ensure that side channels benefit the defender, but not the adversary, during authentication.","PeriodicalId":383761,"journal":{"name":"Proceedings of the 2022 New Security Paradigms Workshop","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129478310","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Passwords and Cryptwords: The Final Limits on Lengths","authors":"Michael Clark, Kenneth R. Seamons","doi":"10.1145/3584318.3584324","DOIUrl":"https://doi.org/10.1145/3584318.3584324","url":null,"abstract":"Computers get faster every year; brains don’t. Passwords and other memorized credentials have unique usability advantages over tokens and biometrics, so we desire to design secure systems that maintain lengths that users can memorize. Some passwords are subject primarily to online attacks, and are simple to defend with rate limits and lockouts. Others, used to generate encryption keys, must be secure against offline attacks. We coin the term “cryptword” to distinguish these from passwords subject primarily to online attacks. Authentication passwords do not need to get longer as computers get faster, if protected by rate limits and lockouts. Using password key derivation functions (pwKDFs) — a class of preexisting cryptographic algorithms — we show that cryptwords can also remain the same length and maintain their security strength despite advances in computation. We achieve this by regularly updating the pwKDF parameters and regenerating the derived key from the cryptword. In cases where it is not possible to meaningfully regenerate the derived key, such as archival data or public verifiers, cryptword lengths should be chosen to last the lifetime of the data. We provide simple equations that end users and system administrators can use to determine minimal assigned password and cryptword lengths based on personal threat models. We also show how to use the capabilities of cloud computing providers to estimate attacker costs. These same equations give a timeframe for cryptword and secret rotation once the encrypted data leaks. 
Because these equations do not rely on the current date or current hardware capabilities, they show that if regularly used, password and cryptword lengths can remain constant despite improvements in hardware.","PeriodicalId":383761,"journal":{"name":"Proceedings of the 2022 New Security Paradigms Workshop","volume":"1048 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131798362","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Designing Through The Stack: The Case for a Participatory Digital Security By Design","authors":"Ian Slesinger, Lizzie Coles-Kemp, N. Panteli, René Rydhof Hansen","doi":"10.1145/3584318.3584322","DOIUrl":"https://doi.org/10.1145/3584318.3584322","url":null,"abstract":"Whilst participatory practice is increasingly adopted in end user studies, there has been far less use of a participatory approach when designing lower down the software stack. As a result, end users are often presented with security controls over which they have no control but for which they retain the responsibility. Conversely, hardware and software engineers struggle to innovate new security control designs that are resilient to new and emerging threats. In a study utilising ethnographic research and stakeholder interviews, we show that there is a siloing of communities of practice between hardware security engineers, software engineers and coders, manufacturers in the technology supply chain and end users. Our findings indicate that this siloing and a lack of participatory practice impedes the development of a more cohesive digital security design that integrates security through the stack from the hardware layer upwards to the OS and application layers. These barriers make difficult the negotiation between what is possible lower down the stack with what is needed and wanted higher up the stack. Our findings suggest that a more holistic and comprehensive participatory design approach is required to negotiate a digital security by design paradigm that more evenly distributes power over and responsibility for security controls throughout the stack. 
Working with the HCI literature on co-production in design, this paper will suggest that a pathway for breaking through this impasse is to utilise objects in the design process of the hardware secure instruction set architecture as a feedback mechanism to incorporate other sets of designers and users in the design process to create a more workable stack.","PeriodicalId":383761,"journal":{"name":"Proceedings of the 2022 New Security Paradigms Workshop","volume":"374 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114874540","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Transparency, Compliance, And Contestability When Code Is(n’t) Law","authors":"A. Hicks","doi":"10.1145/3584318.3584854","DOIUrl":"https://doi.org/10.1145/3584318.3584854","url":null,"abstract":"Both technical security mechanisms and legal processes serve as mechanisms to deal with misbehaviour according to a set of norms. While they share general similarities, there are also clear differences in how they are defined, act, and the effect they have on subjects. This paper considers the similarities and differences between both types of mechanisms as ways of dealing with misbehaviour, and where they interact with each other. Taking into consideration the idea of code as law, we discuss accountability mechanisms for code, and how they must relate to both security principles and legal principles. In particular, we identify the ability to contest norms enforced by code as an important part of accountability in this context. Based on this analysis, we make the case for transparency enhancing technologies as security mechanisms that can support legal processes, in contrast to other types of accountability mechanisms for code. We illustrate this through two examples based on recent court cases that involved Post Office in the United Kingdom and Uber in the Netherlands, and discuss some practical considerations.","PeriodicalId":383761,"journal":{"name":"Proceedings of the 2022 New Security Paradigms Workshop","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122187379","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"From Utility to Capability: A New Paradigm to Conceptualize and Develop Inclusive PETs","authors":"Partha Das Chowdhury, Andrés Domínguez Hernández, K. Ramokapane, A. Rashid","doi":"10.1145/3584318.3584323","DOIUrl":"https://doi.org/10.1145/3584318.3584323","url":null,"abstract":"The wider adoption of Privacy Enhancing Technologies (PETs) has relied on usability studies – which focus mainly on an assessment of how a specified group of users interface, in particular contexts, with the technical properties of a system. While human-centred efforts in usability aim to achieve important technical improvements and drive technology adoption, a focus on the usability of PETs alone is not enough. PETs development and adoption requires a broadening of focus to adequately capture the specific needs of individuals, particularly of vulnerable individuals and/or individuals in marginalized populations. We argue for a departure, from the utilitarian evaluation of surface features aimed at maximizing adoption, towards a bottom-up evaluation of what real opportunities humans have to use a particular system. We delineate a new paradigm for the way PETs are conceived and developed. To that end, we propose that Amartya Sen’s capability approach offers a foundation for the comprehensive evaluation of the opportunities individuals have based on their personal and environmental circumstances which can, in turn, inform the evolution of PETs. 
This includes considerations of vulnerability, age, education, physical and mental ability, language barriers, gender, access to technology, freedom from oppression among many important contextual factors.","PeriodicalId":383761,"journal":{"name":"Proceedings of the 2022 New Security Paradigms Workshop","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-02-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121024675","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}