Layered Analysis of Security Ceremonies

A security ceremony expands a security protocol with everything that is considered out of band for it. Notably, it incorporates the user, who, according to their belief systems and cultural values, may be variously targeted by social engineering attacks. This makes ceremonies complex and varied, hence the need for their formal analysis aimed at their rigorous understanding. Formal analysis in turn requires clarifying the ceremony structure to build a ceremony model. The model defined here spans over a number of socio-technical layers, ranging from a computer network to society. It inspires a layered analysis of security ceremonies, that is layer by layer. This paper focuses on the human-computer interaction layer, which features a socio-technical protocol between a user persona and a computer interface. Future work will be to traverse all layers by formal analysis

Sticking and Making:Technology as glue for families separated by prison

Everydayness links the histories and crescendos of our lives. Once we lose this glue , many of our reference points for linking these histories are lost and the structure and patterns of our lives start to unravel. For families separated by prison, telephone calls and letters offer a form of glue, but punitive structures place many constraints on this type of communication. These constraints result in a transformation of technology, often resulting in re-configuration to the point where it plays a different role in the prison context. The analysis presented in this paper points to the need for developing both technologies that support the sharing of everyday experiences and that have functionality to help families re-establish and adjust family relationships and roles. In this analysis we consider how the punitive climate impacts on communication technology design and how to balance this climate with the objective of strengthening family ties

Accessible and inclusive cyber security:a nuanced and complex challenge

It has been argued that human-centred security design needs to accommodate the considerations of three dimensions: (1) security, (2) usability and (3) accessibility. The latter has not yet received much attention. Now that governments and health services are increasingly requiring their citizens/patients to use online services, the need for accessible security and privacy has become far more pressing. The reality is that, for many, security measures are often exasperatingly inaccessible. Regardless of the outcome of the debate about the social acceptability of compelling people to access public services online, we still need to design accessibility into these systems, or risk excluding and marginalising swathes of the population who cannot use these systems in the same way as abled users. These users are particularly vulnerable to attack and online deception not only because security and privacy controls are inaccessible but also because they often struggle with depleted resources and capabilities together with less social, economic and political resilience. This conceptual paper contemplates the accessible dimension of human-centred security and its impact on the inclusivity of security technologies. We scope the range of vulnerabilities that can result from a lack of accessibility in security solutions and contemplate the nuances and complex challenges inherent in making security accessible. We conclude by suggesting a number of avenues for future work in this space.</p

Who says personas can't dance?:The use of comic strips to design information security personas

This paper presents comic strips as an approach to align personas and narrative scenarios; the resulting visual artifact was tested with information security practitioners, who often struggle with wider engagement. It offers ways in which different professional roles can work together to share understanding of complex topics such as information security. It also offers user-centered design practitioners a way to reflect on, and participate with, user research data

A Tactile Visual Library To Support User Experience Storytelling

This paper presents an adult visual narrative stimulus (tactile visual library) that supports the reduction of physical distance between the user-centred design practitioner (maker of the visual narrative artefact) and the user narrative. Two user experience storytelling sessions were conducted involving adult participants, within a community centre in the United Kingdom, who identified themselves as community centre workers or community centre users. A tactile visual library was used to support the production of current experience comic strips, a previously developed instrument that prompts adult visual narrative production. This paper discusses the design philosophy and role of the tactile visual library and presents the method developed to rigorously analyse, verify and display adult user narratives

Seeing the full picture: the case for extending security ceremony analysis

The concept of the security ceremony was introduced a few years ago to complement the concept of the security protocol with everything about the context in which a protocol is run. In particular, such context involves the human executors of a protocol. When including human actors, human protocols become the focus, hence the concept of the security ceremony can be seen as part of the domain of socio-technical studies. This paper addresses the problem of ceremony analysis lacking the full view of human protocols. This paper categorises existing security ceremony analysis work and illustrates how the ceremony picture could be extended to support a more comprehensive analysis. The paper explores recent weaknesses found on the Amazon\u27s web interface to illustrate different approaches to the analysis of the full ceremony picture