NEXTLEAP’s members Ksenia Ermoshina, Harry Halpin and Francesca Musiani will present their joint paper “Can Johnny build a protocol? Co-ordinating developer and user intentions for privacy-enhanced secure messaging protocols” at the 2nd European Workshop on Usable Security. The paper gives an overview of some common protocol design questions facing developers of secure messaging protocols and tests the competing understandings of these questions using STS-inspired interviews with the designers of popular secure messaging protocols ranging from older protocols like PGP and XMPP+OTR to newer unstandardized protocols used in Signal and Briar. Far from taking users as a homogeneous and undifferentiated mass, the paper distinguishes between the low-risk users that appear in most usability studies (such as university students in the USA and Europe) and high-risk activist user-bases in countries such as Ukraine, Iran, Russia and Egypt where securing messages can be a matter of life or death.
Colloated with EuroS&P and Eurocrypt 2016. Today, the security and privacy properties of blockchain technologies are still an emerging field that is need of further research. The Bitcoin electronic cash system introduced the new field of blockchain technology as a practical mechanism for a permissionless and censorship-resistant e-cash over the Internet. However, the decentralized network and public verifiability of Bitcoin often do not provide the security and privacy properties assumed by its users. For example, despite a common assumption that Bitcoin is anonymous, transactions can be de-anonymized, limiting the commercial utility of the network and also harms individual privacy. Generalizations of Bitcoin’s underlying blockchain technology as a platform for smart contracts by Ethereum are still immature. For example, security issues in the underlying programming language for smart contracts in Ethereum led to the massive DAO Hack. More than ever, proper security and privacy properties need to be designed into the underlying framework for blockchain technologies.
NEXTLEAP researchers participated in giving a large two-hour session on Autocrypt which discussed community, useability, protocol and implementation aspects of bringing email encryption to a wider audience. About 70 people attended the session including many major implementors and people involved in the e2e email encryption space. Several conversations and new co-operations ensued.
The whole team met to discuss last advances in sub-projects. Autocrypt team have presented their new UX design approach in order to bring easy encryption to the mass. Claimchain is still at an early stage but fundamental technical considerations have been discussed.
Alfredo Pironti (ioactive) have also presented a shord talk about PGP: 15 years of broken emails… and we are still doing it wrong”
This ‘Open source’ discussion between Francesca Musiani and the cryptographer Ludovic Perret was animated by a journalist.
Abstract: Access to all kinds of data and the ability to collect and exploit them have now reached an unprecedented level. We are facing a unique paradox: we have to give thought to the issues of both access to data and data protection, with an emphasis on personal data protection. How does cryptology - then the science of secrecy, now a science based on trust - evolve, in today’s and tomorrow’s contexts? How should individuals now adapt their behaviours?”
Harry Halpin gave this talk aimed at designers and artists interested in privacy issues and served on the jury panel to chose the Crypto Design Award winner.
Ksenia Ermoshina presenting Nextleap on a roundtable “Outstanding Activism” with Sarah Harrison, Ksenia Ermoshina and Katharina Nocun.
The Internet Rules, But How? An STS take on “Doing” Internet Governance Pre-conference to AoIR by Francesca Musiani.
Carmela Troncoso (IMDEA) will be presenting NEXTLEAP to the CAPSSI Community workshop.
Ksenia Ershomina (CNRS) will be presenting NEXTLEAP and delivering a paper called “End-to-end Encrypted Messaging Protocols”.
“Materializing governance by information infrastructure”, a talk by Francesca Musiani.
When we talk about blockchains as “part of the Web”, we face some specific questions: How does this fit into the same origin security model of the Web? What are the privacy implications, especially when talking about identity management? What part of the Web stack would be involved: client-side, server-side, protocols, interchange formats? What is the relationship to payments, including W3C’s Web Payments work.
NEXTLEAP co-organizes a panel on Decentralization and Privacy. Participants: Carmela Troncoso (IMDEA), Nadim Kobeissi (INRIA Paris), George Danezis (UCL), Harry Halpin (INRIA Paris).
With a presentation by Georges Danezis (UCL).
Summer school on real-world cryptography and privacy, with a presentation by Carmela Troncoso (IMDEA).
NetFutures 2016 “Sharing Economy” Panel with Harry Halpin (INRIA) and George Danezis (UCL).