Modeling human errors in security protocols

David Basin, Sasa Radomirovic, Lara Schmid

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Citations (Scopus)
162 Downloads (Pure)


Many security protocols involve humans, not machines, as endpoints. The differences are critical: humans are not only computationally weaker than machines, they are naive, careless, and gullible. In this paper, we provide a model for formalizing and reasoning about these inherent human limitations and their consequences. Specifically, we formalize models of fallible humans in security protocols as multiset rewrite theories. We show how the Tamarin tool can then be used to automatically analyze security protocols involving human errors. We provide case studies of authentication protocols that show how different protocol constructions and features differ in their effectiveness with respect to different kinds of fallible humans. This provides a starting point for a fine-grained classification of security protocols from a usable-security perspective.

Original languageEnglish
Title of host publicationIEEE 29th Computer Security Foundations Symposium CSF 2016
Subtitle of host publicationProceedings
Place of PublicationPiscataway
PublisherInstitute of Electrical and Electronics Engineers
Number of pages16
ISBN (Electronic)9781509026074
Publication statusPublished - 2016
Event29th IEEE Computer Security Foundations Symposium - Fundação Calouste Gulbenkian (FCG), Lisbon, Portugal
Duration: 27 Jun 20161 Jul 2016 (Link to Conference website)

Publication series

NameProceedings of the IEEE
ISSN (Electronic)2374-8303


Conference29th IEEE Computer Security Foundations Symposium
Abbreviated titleCSF 2016
Internet address


  • Formal methods
  • Human errors
  • Security protocols
  • Usable security

Fingerprint Dive into the research topics of 'Modeling human errors in security protocols'. Together they form a unique fingerprint.

  • Profiles

    No photo of Sasa Radomirovic

    Radomirovic, Sasa

    Person: Associate Staff

    Cite this

    Basin, D., Radomirovic, S., & Schmid, L. (2016). Modeling human errors in security protocols. In IEEE 29th Computer Security Foundations Symposium CSF 2016: Proceedings (pp. 325-340). (Proceedings of the IEEE). Institute of Electrical and Electronics Engineers.