A Complete Characterization of Secure Human-Server Communication

David Basin, Saša Radomirović, Michael Schläepfer

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Citations (Scopus)
88 Downloads (Pure)

Abstract

Establishing a secure communication channel between two parties is a nontrivial problem, especially when one or both are humans. Unlike computers, humans cannot perform strong cryptographic operations without supporting technology, yet this technology may itself be compromised. We introduce a general communication topology model to facilitate the analysis of security protocols in this setting. We use it to completely characterize all topologies that allow secure communication between a human and a remote server via a compromised computer. These topologies are relevant for a variety of applications, including online banking and Internet voting. Our characterization can serve to guide the design of novel solutions for applications and to quickly exclude proposals that cannot possibly offer secure communication.

Original languageEnglish
Title of host publication2015 IEEE 28th Computer Security Foundations Symposium, CSF 2015
Subtitle of host publicationProceedings
Place of PublicationPiscataway
PublisherInstitute of Electrical and Electronics Engineers
Pages199-213
Number of pages15
ISBN (Electronic)9781467375382
DOIs
Publication statusPublished - 2015
Event28th IEEE Computer Security Foundations Symposium - University of Verona, Polo Zanotto , Verona, Italy
Duration: 13 Jul 201517 Jul 2015
http://csf2015.di.univr.it/ (Link to Conference website)

Publication series

NameProceedings of the IEEE
PublisherIEEE
ISSN (Electronic)2374-8303

Conference

Conference28th IEEE Computer Security Foundations Symposium
Abbreviated titleCSF 2015
CountryItaly
CityVerona
Period13/07/1517/07/15
Internet address

Fingerprint

Servers
Topology
Communication
Internet
Network protocols
Secure communication

Keywords

  • Formal modeling
  • Security ceremonies
  • Security protocols

Cite this

Basin, D., Radomirović, S., & Schläepfer, M. (2015). A Complete Characterization of Secure Human-Server Communication. In 2015 IEEE 28th Computer Security Foundations Symposium, CSF 2015: Proceedings (pp. 199-213). (Proceedings of the IEEE). Piscataway: Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/CSF.2015.21
Basin, David ; Radomirović, Saša ; Schläepfer, Michael. / A Complete Characterization of Secure Human-Server Communication. 2015 IEEE 28th Computer Security Foundations Symposium, CSF 2015: Proceedings. Piscataway : Institute of Electrical and Electronics Engineers, 2015. pp. 199-213 (Proceedings of the IEEE).
@inproceedings{5a870f334f734635906bc2d19c99b0db,
title = "A Complete Characterization of Secure Human-Server Communication",
abstract = "Establishing a secure communication channel between two parties is a nontrivial problem, especially when one or both are humans. Unlike computers, humans cannot perform strong cryptographic operations without supporting technology, yet this technology may itself be compromised. We introduce a general communication topology model to facilitate the analysis of security protocols in this setting. We use it to completely characterize all topologies that allow secure communication between a human and a remote server via a compromised computer. These topologies are relevant for a variety of applications, including online banking and Internet voting. Our characterization can serve to guide the design of novel solutions for applications and to quickly exclude proposals that cannot possibly offer secure communication.",
keywords = "Formal modeling, Security ceremonies, Security protocols",
author = "David Basin and Saša Radomirović and Michael Schl{\"a}epfer",
note = "No funding info",
year = "2015",
doi = "10.1109/CSF.2015.21",
language = "English",
series = "Proceedings of the IEEE",
publisher = "Institute of Electrical and Electronics Engineers",
pages = "199--213",
booktitle = "2015 IEEE 28th Computer Security Foundations Symposium, CSF 2015",

}

Basin, D, Radomirović, S & Schläepfer, M 2015, A Complete Characterization of Secure Human-Server Communication. in 2015 IEEE 28th Computer Security Foundations Symposium, CSF 2015: Proceedings. Proceedings of the IEEE, Institute of Electrical and Electronics Engineers, Piscataway, pp. 199-213, 28th IEEE Computer Security Foundations Symposium, Verona, Italy, 13/07/15. https://doi.org/10.1109/CSF.2015.21

A Complete Characterization of Secure Human-Server Communication. / Basin, David; Radomirović, Saša; Schläepfer, Michael.

2015 IEEE 28th Computer Security Foundations Symposium, CSF 2015: Proceedings. Piscataway : Institute of Electrical and Electronics Engineers, 2015. p. 199-213 (Proceedings of the IEEE).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - A Complete Characterization of Secure Human-Server Communication

AU - Basin, David

AU - Radomirović, Saša

AU - Schläepfer, Michael

N1 - No funding info

PY - 2015

Y1 - 2015

N2 - Establishing a secure communication channel between two parties is a nontrivial problem, especially when one or both are humans. Unlike computers, humans cannot perform strong cryptographic operations without supporting technology, yet this technology may itself be compromised. We introduce a general communication topology model to facilitate the analysis of security protocols in this setting. We use it to completely characterize all topologies that allow secure communication between a human and a remote server via a compromised computer. These topologies are relevant for a variety of applications, including online banking and Internet voting. Our characterization can serve to guide the design of novel solutions for applications and to quickly exclude proposals that cannot possibly offer secure communication.

AB - Establishing a secure communication channel between two parties is a nontrivial problem, especially when one or both are humans. Unlike computers, humans cannot perform strong cryptographic operations without supporting technology, yet this technology may itself be compromised. We introduce a general communication topology model to facilitate the analysis of security protocols in this setting. We use it to completely characterize all topologies that allow secure communication between a human and a remote server via a compromised computer. These topologies are relevant for a variety of applications, including online banking and Internet voting. Our characterization can serve to guide the design of novel solutions for applications and to quickly exclude proposals that cannot possibly offer secure communication.

KW - Formal modeling

KW - Security ceremonies

KW - Security protocols

UR - http://www.scopus.com/inward/record.url?scp=84961326644&partnerID=8YFLogxK

U2 - 10.1109/CSF.2015.21

DO - 10.1109/CSF.2015.21

M3 - Conference contribution

T3 - Proceedings of the IEEE

SP - 199

EP - 213

BT - 2015 IEEE 28th Computer Security Foundations Symposium, CSF 2015

PB - Institute of Electrical and Electronics Engineers

CY - Piscataway

ER -

Basin D, Radomirović S, Schläepfer M. A Complete Characterization of Secure Human-Server Communication. In 2015 IEEE 28th Computer Security Foundations Symposium, CSF 2015: Proceedings. Piscataway: Institute of Electrical and Electronics Engineers. 2015. p. 199-213. (Proceedings of the IEEE). https://doi.org/10.1109/CSF.2015.21