An investigation into the “beautification” of security ceremonies

Giampaolo Bella; Karen Renaud; Diego  Sempreboni; Luca  Vigano

doi:10.5220/0007921501250136

An investigation into the “beautification” of security ceremonies

Giampaolo Bella, Karen Renaud, Diego Sempreboni, Luca Vigano

Division of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

178 Downloads (Pure)

Abstract

“Beautiful Security” is a paradigm that requires security ceremonies to contribute to the ‘beauty’ of a user experience. The underlying assumption is that people are likely to be willing to engage with more beautiful security ceremonies. It is hoped that such ceremonies will minimise human deviations from the prescribed interaction, and that security will be improved as a consequence. In this paper, we explain how we went about deriving beautification principles, and how we tested the efficacy of these by applying them to specific security ceremonies. As a first step, we deployed a crowd-sourced platform, using both explicit and metaphorical questions, to extract general aspects associated with the perception of the beauty of real-world security mechanisms. This resulted in the identification of four beautification design guidelines. We used these to beautify the following existing security ceremonies: Italian voting, user-to-laptop authentication, password setup and EU premises access. To test the efficacy of our guidelines, we again leveraged crowd-sourcing to determine whether our “beautified” ceremonies were indeed perceived to be more beautiful than the original ones. The results of this initial foray into the beautification of security ceremonies delivered promising results, but must be interpreted carefully.

Original language	English
Title of host publication	Proceedings of the 16th International Joint Conference on e-Business and Telecommunications
Editors	Mohammad Obaidat, Pierangela Samarati
Publisher	Scitepress Digital Library
Pages	125-136
Number of pages	12
Volume	2: SECRYPT
ISBN (Print)	9789897583780
DOIs	https://doi.org/10.5220/0007921501250136
Publication status	Published - 26 Jul 2019
Event	16th International Conference on Security and Cryptography - Prague, Czech Republic Duration: 26 Jul 2019 → 28 Jul 2019 Conference number: 16th http://www.secrypt.icete.org/Home.aspx

Conference

Conference	16th International Conference on Security and Cryptography
Abbreviated title	SECRYPT 2019
Country/Territory	Czech Republic
City	Prague
Period	26/07/19 → 28/07/19
Other	SECRYPT is an annual international conference covering research in information and communication security
Internet address	http://www.secrypt.icete.org/Home.aspx

Keywords

Beautiful security
User survey
Formal analysis
Cyber security

Access to Document

10.5220/0007921501250136Licence: CC BY-NC-ND

Renaud_AnInvestigationIntoTheBeautification_Published_2019Final published version, 2.59 MBLicence: CC BY-NC-ND

http://insticc.org/node/TechnicalProgram/icete/presentationDetails/79215

Cite this

@inproceedings{d21c5026cf854e5cb215e23fc51372fb,

title = "An investigation into the “beautification” of security ceremonies",

abstract = "“Beautiful Security” is a paradigm that requires security ceremonies to contribute to the {\textquoteleft}beauty{\textquoteright} of a user experience. The underlying assumption is that people are likely to be willing to engage with more beautiful security ceremonies. It is hoped that such ceremonies will minimise human deviations from the prescribed interaction, and that security will be improved as a consequence. In this paper, we explain how we went about deriving beautification principles, and how we tested the efficacy of these by applying them to specific security ceremonies. As a first step, we deployed a crowd-sourced platform, using both explicit and metaphorical questions, to extract general aspects associated with the perception of the beauty of real-world security mechanisms. This resulted in the identification of four beautification design guidelines. We used these to beautify the following existing security ceremonies: Italian voting, user-to-laptop authentication, password setup and EU premises access. To test the efficacy of our guidelines, we again leveraged crowd-sourcing to determine whether our “beautified” ceremonies were indeed perceived to be more beautiful than the original ones. The results of this initial foray into the beautification of security ceremonies delivered promising results, but must be interpreted carefully.",

author = "Giampaolo Bella and Karen Renaud and Diego Sempreboni and Luca Vigano",

year = "2019",

month = jul,

day = "26",

doi = "10.5220/0007921501250136",

language = "English",

isbn = "9789897583780",

volume = "2: SECRYPT",

pages = "125--136",

editor = "Mohammad Obaidat and Pierangela Samarati",

booktitle = "Proceedings of the 16th International Joint Conference on e-Business and Telecommunications",

publisher = "Scitepress Digital Library",

note = "16th International Conference on Security and Cryptography, SECRYPT 2019 ; Conference date: 26-07-2019 Through 28-07-2019",

url = "http://www.secrypt.icete.org/Home.aspx",

}

Bella, G, Renaud, K, Sempreboni, D & Vigano, L 2019, An investigation into the “beautification” of security ceremonies. in M Obaidat & P Samarati (eds), Proceedings of the 16th International Joint Conference on e-Business and Telecommunications. vol. 2: SECRYPT, Scitepress Digital Library, pp. 125-136, 16th International Conference on Security and Cryptography, Prague, Czech Republic, 26/07/19. https://doi.org/10.5220/0007921501250136

An investigation into the “beautification” of security ceremonies. / Bella, Giampaolo; Renaud, Karen; Sempreboni, Diego et al.

Proceedings of the 16th International Joint Conference on e-Business and Telecommunications. ed. / Mohammad Obaidat; Pierangela Samarati. Vol. 2: SECRYPT Scitepress Digital Library, 2019. p. 125-136.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - An investigation into the “beautification” of security ceremonies

AU - Bella, Giampaolo

AU - Renaud, Karen

AU - Sempreboni, Diego

AU - Vigano, Luca

N1 - Conference code: 16th

PY - 2019/7/26

Y1 - 2019/7/26

N2 - “Beautiful Security” is a paradigm that requires security ceremonies to contribute to the ‘beauty’ of a user experience. The underlying assumption is that people are likely to be willing to engage with more beautiful security ceremonies. It is hoped that such ceremonies will minimise human deviations from the prescribed interaction, and that security will be improved as a consequence. In this paper, we explain how we went about deriving beautification principles, and how we tested the efficacy of these by applying them to specific security ceremonies. As a first step, we deployed a crowd-sourced platform, using both explicit and metaphorical questions, to extract general aspects associated with the perception of the beauty of real-world security mechanisms. This resulted in the identification of four beautification design guidelines. We used these to beautify the following existing security ceremonies: Italian voting, user-to-laptop authentication, password setup and EU premises access. To test the efficacy of our guidelines, we again leveraged crowd-sourcing to determine whether our “beautified” ceremonies were indeed perceived to be more beautiful than the original ones. The results of this initial foray into the beautification of security ceremonies delivered promising results, but must be interpreted carefully.

AB - “Beautiful Security” is a paradigm that requires security ceremonies to contribute to the ‘beauty’ of a user experience. The underlying assumption is that people are likely to be willing to engage with more beautiful security ceremonies. It is hoped that such ceremonies will minimise human deviations from the prescribed interaction, and that security will be improved as a consequence. In this paper, we explain how we went about deriving beautification principles, and how we tested the efficacy of these by applying them to specific security ceremonies. As a first step, we deployed a crowd-sourced platform, using both explicit and metaphorical questions, to extract general aspects associated with the perception of the beauty of real-world security mechanisms. This resulted in the identification of four beautification design guidelines. We used these to beautify the following existing security ceremonies: Italian voting, user-to-laptop authentication, password setup and EU premises access. To test the efficacy of our guidelines, we again leveraged crowd-sourcing to determine whether our “beautified” ceremonies were indeed perceived to be more beautiful than the original ones. The results of this initial foray into the beautification of security ceremonies delivered promising results, but must be interpreted carefully.

U2 - 10.5220/0007921501250136

DO - 10.5220/0007921501250136

M3 - Conference contribution

SN - 9789897583780

VL - 2: SECRYPT

SP - 125

EP - 136

BT - Proceedings of the 16th International Joint Conference on e-Business and Telecommunications

A2 - Obaidat, Mohammad

A2 - Samarati, Pierangela

PB - Scitepress Digital Library

T2 - 16th International Conference on Security and Cryptography

Y2 - 26 July 2019 through 28 July 2019

ER -

An investigation into the “beautification” of security ceremonies

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this