Real-World Security Protocols
This special issue covers the design, analysis, deployment, and standardization of security protocols in the real world from both academic and industrial perspectives.
Analyzing Cryptography in the Wild: A Retrospective
We reflect on our experiences analyzing cryptography deployed “in the wild” and give recommendations to fellow researchers about this process.
Adoption Challenges for Cryptographic Protocols
We interviewed cryptography experts from academia and industry to learn from their experiences with the design and deployment of cryptographic protocols. We present adoption challenges, including misaligned incentives in academia and standardization, ...
Emerging Paradigms in Wearable Security: Adaptable and Secure Sandboxing for On-the-Fly Collaboration Among Wearables
We propose a novel security protocol for on-the-fly collaboration among wearables, addressing significant security challenges, such as data exposure and false information injection. Leveraging wearables’ position on the body, our protocol ensures secure ...
Android Permissions: Evolution, Attacks, and Best Practices
In this article, we study the evolution of Android permissions. We describe the rationale behind key changes in Android’s permission model and disclose two permission-related security vulnerabilities we discovered. Finally, we provide developers ...
Enhancing Security Testing for Identity Management Implementations: Introducing Micro-Id-Gym Language and Micro-Id-Gym Testing Tool
We introduce MIG-L, a declarative language for the specification of security tests, and MIG-T, a testing tool, for identity management solutions based on SAML and OAuth/OpenID Connect. We verify compliance with best current practices and detect known ...
Verifiable Sustainability in Data Centers
- Syed Rafiul Hussain
- Patrick McDaniel
- Anshul Gandhi
- Kanad Ghose
- Kartik Gopalan
- Dongyoon Lee
- Yu David Liu
- Zhenhua Liu
- Shuai Mu
- Erez Zadok
The current techniques and tools for collecting, aggregating, and reporting verifiable sustainability data are vulnerable to cyberattacks and misuse, requiring new security and privacy-preserving solutions. This article outlines security challenges and ...
We Need a “Building Inspector for IoT” When Smart Homes Are Sold
- Timothy J. Pierson
- Cesar Arguello
- Beatrice Perez
- Wondimu Zegeye
- Kevin Kornegay
- Carl A. Gunter
- David Kotz
Internet of Things (IoT) devices left behind when a home is sold create security and privacy concerns for both prior and new residents. We envision a specialized “building inspector for IoT” to help securely facilitate transfer of the home.
Threshold Signatures
Threshold signatures are a helpful cryptographic primitive to ensure redundancy and distribution of trust for a secret signing key. In this article, we introduce the concept of threshold signatures, discuss practical use cases of threshold signatures, and ...
Cybersecurity Education: Insights From a Novel Cybersecurity Summer Workshop
- James Crabb
- Clemente Izurieta
- Bernard Van Wie
- Olusola Adesope
- Assefaw Gebremedhin
- Jelena Mirkovic
- Blair Taylor
The Virtual Institutes for Cyber and Electromagnetic Spectrum Research and Employ Northwest Institute for Cybersecurity Education and Research was established to train U.S. cybersecurity talent through integrated experiential learning opportunities, ...
Leveraging the Human Factors Discipline for Better Cybersecurity Outcomes: A Roundtable Discussion
Three human factors experts get to the bottom of what the human factors discipline actually is, how the cybersecurity community and organizations can benefit from it, and how to create a pipeline of professionals with human factors and cybersecurity ...