Layered Analysis of Security Ceremonies
نویسندگان
چکیده
A security ceremony expands a security protocol with everything that is considered out of band for it. Notably, it incorporates the user, who, according to their belief systems and cultural values, may be variously targeted by social engineering attacks. This makes ceremonies complex and varied, hence the need for their formal analysis aimed at their rigorous understanding. Formal analysis in turn requires clarifying the ceremony structure to build a ceremony model. The model defined here spans over a number of socio-technical layers, ranging from a computer network to society. It inspires a layered analysis of security ceremonies, that is layer by layer. This paper focuses on the human-computer interaction layer, which features a socio-technical protocol between a user persona and a computer interface. Future work will be to traverse all layers by formal analysis.
منابع مشابه
Ceremony Analysis: Strengths and Weaknesses
We investigate known security flaws in the context of security ceremonies to gain an understanding of the ceremony analysis process. The term security ceremonies is used to describe a system of protocols and humans which interact for a specific purpose. Security ceremonies and ceremony analysis is an area of research in its infancy, and we explore the basic principles involved to better underst...
متن کاملProbabilistic Modelling of Humans in Security Ceremonies
We are interested in formal modelling and verification of security ceremonies. Considerable efforts have been put into verifying security protocols, with quite successful tools currently being widely used. The relatively recent concept of security ceremonies, introduced by Carl Ellison, increases the complexity of protocol analysis in several directions: a ceremony should include all relevant o...
متن کاملActor Network Procedures as Psi-calculi for Security Ceremonies
The actor network procedures of Pavlovic and Meadows are a recent graphical formalism developed for describing security ceremonies and for reasoning about their security properties. The present work studies the relations of the actor network procedures (ANP) to the recent psi-calculi framework. Psi-calculi is a parametric formalism where calculi like spior applied-pi are found as instances. Psi...
متن کاملA Proposed Framework for Analysing Security Ceremonies
The concept of a ceremony as an extension of network and security protocols was introduced by Ellison. There are no currently available methods or tools to check correctness of the properties in such ceremonies. The potential application for security ceremonies are vast and fill gaps left by strong assumptions in security protocols. Assumptions include the provision of cryptographic keys and co...
متن کاملCeremony Design and Analysis
The concept of ceremony is introduced as an extension of the concept of network protocol, with human nodes alongside computer nodes and with communication links that include UI, human-to-human communication and transfers of physical objects that carry data. What is out-of-band to a protocol is in-band to a ceremony, and therefore subject to design and analysis using variants of the same mature ...
متن کامل