Abstract
Many security protocols involve humans, not machines, as endpoints. The differences are critical: humans are not only computationally weaker than machines, they are naive, careless, and gullible. In this paper, we provide a model for formalizing and reasoning about these inherent human limitations and their consequences. Specifically, we formalize models of fallible humans in security protocols as multiset rewrite theories. We show how the Tamarin tool can then be used to automatically analyze security protocols involving human errors. We provide case studies of authentication protocols that show how different protocol constructions and features differ in their effectiveness with respect to different kinds of fallible humans. This provides a starting point for a fine-grained classification of security protocols from a usable-security perspective.
Original language | English |
---|---|
Title of host publication | IEEE 29th Computer Security Foundations Symposium CSF 2016 |
Subtitle of host publication | Proceedings |
Place of Publication | Piscataway |
Publisher | Institute of Electrical and Electronics Engineers |
Pages | 325-340 |
Number of pages | 16 |
ISBN (Electronic) | 9781509026074 |
DOIs | |
Publication status | Published - 2016 |
Event | 29th IEEE Computer Security Foundations Symposium - Fundação Calouste Gulbenkian (FCG), Lisbon, Portugal Duration: 27 Jun 2016 → 1 Jul 2016 http://csf2016.tecnico.ulisboa.pt/ (Link to Conference website) |
Publication series
Name | Proceedings of the IEEE |
---|---|
Publisher | IEEE |
ISSN (Electronic) | 2374-8303 |
Conference
Conference | 29th IEEE Computer Security Foundations Symposium |
---|---|
Abbreviated title | CSF 2016 |
Country/Territory | Portugal |
City | Lisbon |
Period | 27/06/16 → 1/07/16 |
Internet address |
|
Keywords
- Formal methods
- Human errors
- Security protocols
- Usable security
ASJC Scopus subject areas
- General Engineering