[toc]
###### tags: `Reading sessions`
---
# 2023
<https://dl.acm.org/doi/proceedings/10.1145/3544548>
## [Why I Can’t Authenticate — Understanding the Low Adoption of Authentication Ceremonies with Autoethnography](https://publications.cispa.saarland/3895/1/Why_I_Can_t_Authenticate__Understanding_the_Low_Adoption_of_Authentication_Ceremonies_with_Autoethnography__CHI_2023.pdf)
* By Matthias Fassl, Katharina Krombholz
* [MD] The paper explores the reasons behind the low adoption of authentication ceremonies, which are used to detect and mitigate Man-in-the-Middle (MitM) attacks on end-to-end encrypted messengers such as Signal, WhatsApp, or Threema.
The authors found that non-expert users have difficulties using them correctly, and even security researchers have trouble authenticating others.
The paper uses autoethnography to explore the root causes of these issues. The first author kept a five-month research diary of their experience with authentication ceremonies, which uncovered points of failure while planning and conducting authentication ceremonies. These include cognitive load, forgetfulness, social awkwardness, and explanations required by a communication partner. The first author had to keep authentication status in mind, plan meetings, and identify opportunities in time. Often, they forgot about the ceremonies, which resulted in a frustrating experience. Additionally, they had to constantly navigate social rituals to integrate authentication ceremonies in socially acceptable ways. Primarily, this navigation was necessary for formal relationships with acquaintances from work or the members of the extended circle of friends. In contrast, authenticating close friends was less complicated. Consentful and contextual reminders may alleviate the cognitive load in many cases. However, addressing the social aspects of cooperative security mechanisms, such as authentication ceremonies, is more challenging.
The paper proposes a design approach for cooperative security that employs cultural transcoding to improve sociocultural aspects of security by design. Using this approach, designers would consider how culture influences security technology and how the security technology may affect cultural practice.
# 2020
<https://chi2020.acm.org/>
## [Robocalling: STIRRED AND SHAKEN! - An Investigation of Calling Displays on Trust and Answer Rates](https://dl.acm.org/doi/abs/10.1145/3313831.3376679)
* By Gregory W. Edwards, Michael J. Gonzales, Marc A. Sullivan
* [MD] The paper wants to answer the following questions:
    * Should telecommunication companies display a STIR/SHAKEN verified indicator to users, and, if so, what should they display?
    * What would be the impact of that indicator on user trust and answer rates for calls over time?
The authors discuss their online surveys, in-person interviews, and lab-based simulation in the paper.
Ultimately, the researchers suggest using the label "Valid Number" on the display. They discovered that even with a validation rate of only 30% for calls, using S/S increased trust, frequency of answered calls, and consumer satisfaction.
Here is another paper in this context: [Characterizing User Comprehension in the STIR/SHAKEN Anti-Robocall Standard](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3898127)