Socio-technical Security Analysis of Wireless Hotspots

Ferreira, Ana; Huynen, Jean-Louis; Koenig, Vincent; Lenzini, Gabriele

doi:10.1007/978-3-319-07620-1_27

Cited by 10 publications

(13 citation statements)

References 6 publications

(3 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such trust cannot be ensured by purely technical means because people may be deceived. In this vein, Ferreira et al highlight the pitfalls and subtleties of trusting a name [35]. Also confidentiality becomes a matter of trust when interpreted on a human scale; even messaging a peer over an encrypted channel requires the sender to trust the peer to keep the messages or the encrypting keys from third parties.…”

Section: The Socio-technical Perspectivementioning

confidence: 99%

“…Our ceremony concertina traversal methodology, which has already produced valuable findings [17,35], shall be used to fully address these challenges.…”

Section: Challenge Domainsmentioning

confidence: 99%

“…It enables the researcher to take the guarantees of security and privacy that the technology establishes and to transmit them reliably and effectively to its users. For example, Bella et al have recently adopted it to analyse the TLS certificate validation ceremony [17], Huynen et al to identify critical decision points in the ceremonies that users follow to access WiFi networks via Hotspots [35], and Ferreira et al to outline a research framework [34].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Service security and privacy as a socio-technical problem

Bella

Curzon

Lenzini

2015

JCS

Self Cite

View full text Add to dashboard Cite

Abstract. The security and privacy of the data that users transmit, more or less deliberately, to modern services is an open problem. It is not solely limited to the actual Internet traversal, a sub-problem vastly tackled by consolidated research in security protocol design and analysis. By contrast, it entails much broader dimensions pertaining to how users approach technology and understand the risks for the data they enter. For example, users may express cautious or distracted personas depending on the service and the point in time; further, pre-established paths of practice may lead them to neglect the intrusive privacy policy offered by a service, or the outdated protections adopted by another.The approach that sees the service security and privacy problem as a socio-technical one needs consolidation. With this motivation, the article makes a threefold contribution. It reviews the existing literature on service security and privacy, especially from the socio-technical standpoint. Further, it outlines a general research methodology aimed at layering the problem appropriately, at suggesting how to position existing findings, and ultimately at indicating where a transdisciplinary task force may fit in. The article concludes with the description of the three challenge domains of services whose security and privacy we deem open socio-technical problems, not only due to their inherent facets but also to their huge number of users.

show abstract

Section: The Socio-technical Perspectivementioning

confidence: 99%

“…Our ceremony concertina traversal methodology, which has already produced valuable findings [17,35], shall be used to fully address these challenges.…”

Section: Challenge Domainsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Service security and privacy as a socio-technical problem

Bella

Curzon

Lenzini

2015

JCS

Self Cite

View full text Add to dashboard Cite

show abstract

“…Unfortunately, most hotspots currently deployed are legacy hotspots and it is going to take time and efforts to change them into Hotspot 2.0-enabled devices. In 2014, Ferreira et al [2] underline regarding Hotspot 2.0 that "although technical security has improved in comparison with the previous hotspot version, many issues still need addressing before its full deployment and usage in parallel with that previous version (which will not quickly disappear)". In addition, even a Hotspot 2.0 may be compromised or controlled by an untrustworthy provider who can carry out different types of man-in-the-middle attacks if the user does not use a VPN.…”

Section: Introductionmentioning

confidence: 99%

Wi-Trust: Computational Trust and Reputation Management for Stronger Hotspot 2.0 Security

Seigneur

2017

JICTS

View full text Add to dashboard Cite

In its list of top ten smartphone risks, the European Union Agency for Network and Information Security ranks network spoofing attacks as number 6. In this paper, we present how we have validated different computational trust and reputation management techniques by means of implemented prototypes in real devices to mitigate malicious legacy Wi-Fi hotspots including spoofing attacks. Then we explain how some of these techniques could be more easily deployed on a large scale thanks to simply using the available extensions of Hotspot 2.0, which could potentially lead to a new standard to improve Wi-Fi networks trustworthiness.

show abstract

“…But as more people use them, and their use does not appear to result in any negative consequence (as far as the average user can tell), the sense of risks associated with the use of the "hotspots" and the internet is reduced [5]. In other words, we may be aware of the risks associated with using mobile devices and wireless network options, but we are also becoming rather blasé about the need to mediate our behaviour and reduce known risks.…”

Section: Introductionmentioning

confidence: 99%

Decision Justifications for Wireless Network Selection

Jeske

Coventry

Briggs

2014

2014 Workshop on Socio-Technical Aspects in Security and Trust

View full text Add to dashboard Cite

Abstract-A number of security risks are associated with the selection of wireless networks. We examined wireless network choices in a study involving 104 undergraduate social science students. One research goal was to examine the extent to which features (such as padlocks) and colours could be used to 'nudge' individuals towards more secure network and away from open (unsecured) network options. Another goal was to better understand the basis for their decision-making. Using qualitative as well as quantitative data, we were able to differentiate groups whose decision were driven by security concerns, those who made convenience-based decisions, and those whose motives were unclear or undefined. These groups made different network choices, in part due to different perceived functionality of the padlock. We further observed significant effects for the use of colour when nudging participants towards more secure choices. We also wanted to examine the role of individual differences in relation to the choices individuals make. Perceived controllability of risk played a role in terms of the extent to which participants would make more secure vs. unsecure choices, although we obtained no significant group differences when we examined these variables in relation to the different decision justification groups. This indicates that perceived risk perceptions and reasons for decisions may relate differently to the actual behavioural choices individuals make, with perceptions of risk not necessarily relating to the reasons that participants consider when making security decisions.

show abstract

Socio-technical Security Analysis of Wireless Hotspots

Cited by 10 publications

References 6 publications

Service security and privacy as a socio-technical problem

Service security and privacy as a socio-technical problem

Wi-Trust: Computational Trust and Reputation Management for Stronger Hotspot 2.0 Security

Decision Justifications for Wireless Network Selection

Contact Info

Product

Resources

About