Towards a Usable Framework for Modelling Security and Privacy Risks in the Smart Home

The Internet-of-Things (IoT) ushers in a new age where the variety and amount of connected, smart devices present in the home is set to increase substantially. While these bring several advantages in terms of convenience and assisted living, security and privacy risks are also a concern. In this article, we consider this risk problem from the perspective of technology users in the smart home, and set out to provide a usable framework for modelling security and privacy risks. The novelty of this work is in its emphasis on supplying a simplified risk assessment approach, complete with typical smart home use cases, home devices, IoT threat and attack models, and potential security controls. The intention is for this framework and the supporting tool interface to be used by actual home users interested in understanding and managing the risks in their smart home environments

M-health review: joining up healthcare in a wireless world

In recent years, there has been a huge increase in the use of information and communication technologies (ICT) to deliver health and social care. This trend is bound to continue as providers (whether public or private) strive to deliver better care to more people under conditions of severe budgetary constraint

Privacy in crowdsourcing:a systematic review

The advent of crowdsourcing has brought with it multiple privacy challenges. For example, essential monitoring activities, while necessary and unavoidable, also potentially compromise contributor privacy. We conducted an extensive literature review of the research related to the privacy aspects of crowdsourcing. Our investigation revealed interesting gender differences and also differences in terms of individual perceptions. We conclude by suggesting a number of future research directions.</p

How WEIRD is Usable Privacy and Security Research? (Extended Version)

In human factor fields such as human-computer interaction (HCI) and psychology, researchers have been concerned that participants mostly come from WEIRD (Western, Educated, Industrialized, Rich, and Democratic) countries. This WEIRD skew may hinder understanding of diverse populations and their cultural differences. The usable privacy and security (UPS) field has inherited many research methodologies from research on human factor fields. We conducted a literature review to understand the extent to which participant samples in UPS papers were from WEIRD countries and the characteristics of the methodologies and research topics in each user study recruiting Western or non-Western participants. We found that the skew toward WEIRD countries in UPS is greater than that in HCI. Geographic and linguistic barriers in the study methods and recruitment methods may cause researchers to conduct user studies locally. In addition, many papers did not report participant demographics, which could hinder the replication of the reported studies, leading to low reproducibility. To improve geographic diversity, we provide the suggestions including facilitate replication studies, address geographic and linguistic issues of study/recruitment methods, and facilitate research on the topics for non-WEIRD populations.Comment: This paper is the extended version of the paper presented at USENIX SECURITY 202

Developing a usable security approach for user awareness against ransomware

This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University LondonThe main purpose of the research presented in this thesis is to design and develop a game prototype for improving user awareness against ransomware, which has been reported as the most significant cyber security threat to the United Kingdom by the National Cyber Security Centre. Digital transformation is helping individuals, organisations, governments and Industrial control systems to modernise and improve their effectiveness. At the same time, cyber crimes are evolving and targeting essential services. A successful cyber attack can compromise users’ privacy, bring bad publicity and financial damage to organisations and target national security. A literature review was conducted to understand threats to the cyber social system. Literature in this thesis reports attackers exploit humans as the weakest link to execute successful security breaches. Therefore to address this challenge, a significant gap has been identified as an opportunity to contribute to user awareness of the ransomware cyber security threat. The current thesis proposes RansomAware a novel game prototype to improve user awareness. The game is based on Technology Threat Avoidance Theory (TTAT) model. In this thesis two studies are carried out, study 1 empirically validates the elements of TTAT to be embedded in the RansomAware prototype and reports a significant change in users’ motivation to avoid ransomware cyber security threat 55% and avoidance behaviour 29%, whereas study 2 evaluates game usability and report significant results of SUS average score of 87.58 and statistical results of p < 0.01 indicate user’s satisfaction of the RansomAware. Finally, the research provides guidelines on how the proposed RansomAware game can be adopted by practitioners and individuals to improve their awareness against the ransomware cyber security threat

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

GHOST - safe-guarding home IoT environments with personalised real-time risk control

We present the European research project GHOST, (Safe-guarding home IoT environments with personalised real-time risk control), which challenges the traditional cyber security solutions for the IoT by proposing a novel reference architecture that is embedded in an adequately adapted smart home network gateway, and designed to be vendor-independent. GHOST proposes to lead a paradigm shift in consumer cyber security by coupling usable security with transparency and behavioural engineering