Skip to main content
SpringerLink
Log in

An adaptive threat model for security ceremonies

  • Special Issue Paper
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Ever since Needham and Schroeder introduced the notion of an active attacker, significant research has been conducted regarding protocol design and analysis to verify that the protocols’ goals are robust against this type of attacker. Nowadays, the Dolev–Yao threat model is the most widely accepted attacker model for the analysis of security protocols. Consequently, there are several security protocols considered secure against an attacker under Dolev–Yao’s assumptions. With the introduction of the concept of ceremonies, which extends protocol design and analysis to include human peers, we can potentially find and solve security flaws that were previously not detectable. In this paper, we discuss that even though Dolev–Yao’s threat model can represent the most powerful attacker possible in a ceremony, the attacker in this model is not realistic in certain scenarios, especially those related to human peers. We propose a dynamic threat model that can be adjusted according to each ceremony and consequently adapt the model and the ceremony analysis to realistic scenarios. We demonstrate the feasibility of our approach with a support implementation using first-order logic and an automatic theorem prover.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1

Similar content being viewed by others

Notes

  1. Human–human interaction in this paper means face-to-face and in-person communication.

References

  1. Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). J. Cryptol. 20(3), 395–395 (2007)

  2. Alexander, R.D.: The evolution of social behavior. Annu. Rev. Ecol. Syst. 5 (1974). http://www.jstor.org/stable/2096892

  3. Anderson, R., Needham, R.: Robustness principles for public key protocols. In: CRYPTO ’95. Springer (1995)

  4. Arsac, W., Bella, G., Chantry, X., Compagna, L.: ARSPA-WITS. Lecture Notes in Computer Science. In: Degano, P., Viganò, L. (eds.) Validating Security Protocols Under the General Attacker, pp. 34–51. Springer (2009). doi:10.1007/978-3-642-03459-6

  5. Arsac, W., Bella, G., Chantry, X., Compagna, L.: Multi-attacker protocol validation. J. Autom. Reason. 46(3–4) (2011). doi:10.1007/s10817-010-9185-y

  6. Backes, M., Pfitzmann, B.: Relating symbolic and cryptographic secrecy. IACR Cryptology ePrint Archive 2004, 300 (2004), http://eprint.iacr.org/2004/300

  7. Balfanz, D., Smetters, D.K., Stewart, P., Wong, H.C.: Talking to strangers: Authentication in ad-hoc wireless networks. In: NDSS’02. San Diego (2002)

  8. Bella, G., Bistarelli, S., Massacci, F.: Retaliation: can we live with flaws? In: IACS, vol. 6. IOS Press (2006)

  9. Bella, G.: Formal Correctness of Security Protocols. Information Security and Cryptography. Springer, Berlin (2007)

    Book  Google Scholar 

  10. Bella, G.: Formal Correctness of Security Protocols, Information Security and Cryptography, vol. XX. Springer, Berlin (2007)

    Book  Google Scholar 

  11. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: CRYPTO’ 93, LNCS, vol. 773. Springer (1994)

  12. Bluetooth Special Interest Group: Bluetooth specifications 1.0 - 2.1+EDR. Technical specifications. http://www.bluetooth.com (1999–2007)

  13. Bluetooth Special Interest Group: Simple pairing whitepaper v10r00. Technical report (2006)

  14. Carlos, M.C., Price, G.: Understanding the weaknesses of human-protocol interaction. In: Proceedings of the 16th International Conference on Financial Cryptography and Data Security. pp. 13–26. FC’12, Springer, Berlin, Heidelberg (Mar 2012)

  15. Creese, S., Goldsmith, M., Roscoe, A.W., Zakiuddin, I.: The attacker in ubiquitous computing environments: formalising the threat model. In: FAST’03 (2003)

  16. Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: SIGCHI’06. ACM, New York (2006). doi:10.1145/1124772.1124861

  17. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans Inf Theory 29(2), 198–208 (Mar 1983)

  18. Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)

  19. Ellison, C.: Ceremony Design and Analysis. Cryptology ePrint Archive. Report 2007/399 (Oct 2007)

  20. Jakobsson, M.: The human factor in phishing. In: Priv. Secur. Consum. Inf. ’07 (2007)

  21. Jakobsson, M., Wetzel, S.: Security weaknesses in bluetooth. In: CT-RSA 2001, LNCS, vol. 2020. Springer (2001)

  22. Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12) (1978)

  23. Parker, G.: Assessment strategy and the evolution of fighting behaviour. J. Theor. Biol. 47(1) (1974). http://www.sciencedirect.com/science/article/pii/0022519374901118

  24. Ryan, P., Schneider, S.: Modelling and Analysis of Security Protocols, 1st edn. Addison Wesley, Boston (2001)

  25. Shaked, Y., Wool, A.: Cracking the bluetooth pin. In: MobiSys ’05s. ACM, New York (2005)

  26. Stajano, Anderson: The resurrecting duckling: security issues for ad-hoc wireless networks. In: IWSP: International Workshop on Security Protocols, LNCS (1999)

  27. Weidenbach, C.: SPASS Input Syntax Version 1.5. Max-Planck-Institut fur Informatik

  28. Weidenbach, C.: Towards an automatic analysis of security protocols in first-order logic. In: 16th International Conference on Automated Deduction, pp. 314–328. Springer, London, UK (1999)

Download references

Author information

Authors and Affiliations

  1. Departamento de Informática e de Estatística, Universidade Federal de Santa Catarina, INE Campus Universitário, Florianópolis, Brazil

    Jean Everson Martina & Ricardo Felipe Custódio

  2. Centre for Doctoral Training in Cyber Security, Department of Computer Science, University of Oxford, Parks Road, Oxford , OX1 3PW, UK

    Eduardo dos Santos

  3. Information Security Group, Royal Holloway, University of London, Egham, TW20 0EX, UK

    Marcelo Carlomagno Carlos & Geraint Price

Authors
  1. Jean Everson Martina
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Eduardo dos Santos
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Marcelo Carlomagno Carlos
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Geraint Price
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ricardo Felipe Custódio
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jean Everson Martina.

Additional information

Supported by CNPq and FINEP Brazil.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Martina, J.E., dos Santos, E., Carlos, M.C. et al. An adaptive threat model for security ceremonies. Int. J. Inf. Secur. 14, 103–121 (2015). https://doi.org/10.1007/s10207-014-0253-x

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-014-0253-x

Keywords

Search

Navigation