A Proposed Framework for Analysing Security Ceremonies
Abstract
The concept of a ceremony as an extension of network and security protocols was introduced by Ellison. There are no currently available methods or tools to check correctness of the properties in such ceremonies. The potential applications for security ceremonies are vast and fill gaps left by strong assumptions in security protocols. Assumptions include the provision of cryptographic keys and correct human interaction. Moreover, no tools are available to check how knowledge is distributed among human peers nor their interaction with other humans and computers in these scenarios. The key component of this position paper is the formalisation of human knowledge distribution in security ceremonies. By properly enlisting human expectations and interactions in security protocols, we can minimise the ill-described assumptions we usually see failing. Taking such issues into account when designing or verifying protocols can help us to better understand where protocols are more prone to break due to human constraints.
Similar resources
Poster: Towards a Model for Analysing Anti-Phishing Authentication Ceremonies
Phishing uses both social engineering and technical means to carry out attacks. Therefore, human factors incorrect human trust decisions play an important role in phishing. Many online authentication techniques place a disproportional burden on human abilities. Assumptions made about human-protocol behaviour are often flawed. In our approach we use the concept of a ceremony to analyse and impro...
Actor Network Procedures as Psi-calculi for Security Ceremonies
The actor network procedures of Pavlovic and Meadows are a recent graphical formalism developed for describing security ceremonies and for reasoning about their security properties. The present work studies the relations of the actor network procedures (ANP) to the recent psi-calculi framework. Psi-calculi is a parametric formalism where calculi like spi- or applied-pi are found as instances. Psi...
A New Framework for Reactive Power Market Considering Power System Security
This paper presents a new framework for the day-ahead reactive power market based on the uniform auction price. Voltage stability and security have been considered in the proposed framework. Total Payment Function (TPF) is suggested as the objective function of the Optimal Power Flow (OPF) used to clear the reactive power market. Overload, voltage drop and voltage stability margin (VSM) are inc...
Evaluation of the Model for Analysing Anti-Phishing Authentication Ceremonies
Phishing takes advantage of the way humans interact with computers or interpret messages. A security ceremony is one way of extending the reach of current methods for social, technical and contextual analysis of security protocols to include humans. It is an extension of the concept of network security protocol and includes user interface and human-protocol interaction. We propose a model with ...
Probabilistic Modelling of Humans in Security Ceremonies
We are interested in formal modelling and verification of security ceremonies. Considerable efforts have been put into verifying security protocols, with quite successful tools currently being widely used. The relatively recent concept of security ceremonies, introduced by Carl Ellison, increases the complexity of protocol analysis in several directions: a ceremony should include all relevant o...