Probabilistic Modelling of Humans in Security Ceremonies

  • Conference paper
Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance (DPM 2014, QASA 2014, SETOP 2014)

Abstract

We are interested in formal modelling and verification of security ceremonies. Considerable efforts have been put into verifying security protocols, with quite successful tools currently being widely used. The relatively recent concept of security ceremonies, introduced by Carl Ellison, increases the complexity of protocol analysis in several directions: a ceremony should include all relevant out-of-band assumptions, should compose protocols, and should include the human agent. Work on modelling human agents as part of IT systems is quite limited, and the few existing studies come from psychology or sociology. A step towards understanding how to model and analyse security ceremonies is to integrate a model of human agents with models for protocols (or combinations of protocols). Current works essentially model human agent interaction with a user interface as a nondeterministic process.

In this paper we propose a more realistic model which includes more information about the user interaction, obtained by sociologists usually through experiments and observation, and model the actions of a human agent as a probabilistic process. An important point that we make in this paper is to separate the model of the human and the model of the user interface, and to provide a “compilation” operation putting the two together and encoding the interaction between the human and the interface. We base our work on a recently proposed model for security ceremonies, which we call the Bella-Coles-Kemp model.

This work was partially supported by the project OffPAD with number E!8324, part of the Eurostars program funded by the EUREKA and European Community.

Notes

  1. We draw an angle between transitions to denote those which share the same label (like news and reject); and by definition must form a probability distribution.

References

  1. Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Hankin, C., Schmidt, D. (eds.) POPL, pp. 104–115. ACM (2001)

  2. Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: the spi calculus. Inf. Comput. 148(1), 1–70 (1999)

  3. Bella, G., Coles-Kemp, L.: Layered analysis of security ceremonies. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IFIP AICT, vol. 376, pp. 273–286. Springer, Heidelberg (2012)

  4. Bevan, N.: International standards for HCI and usability. Int. J. Hum. Comput. Stud. 55(4), 533–552 (2001)

  5. Billingsley, P.: Statistical Inference for Markov Processes. The University of Chicago Press, Chicago (1961)

  6. Blanchet, B.: Automatic proof of strong secrecy for security protocols. In: IEEE Symposium on Security and Privacy, pp. 86–102. IEEE Computer Society (2004)

  7. Blanchet, B.: A computationally sound mechanized prover for security protocols. IEEE Trans. Dependable Sec. Comput. 5(4), 193–207 (2008)

  8. Carlos, M.C., Martina, J.E., Price, G., Custódio, R.F.: An updated threat model for security ceremonies. In: Shin, S.Y., Maldonado, J.C. (eds.) 28th Annual ACM Symposium on Applied Computing (SAC 2013), pp. 1836–1843. ACM (2013)

  9. Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–207 (1983)

  10. Ellison, C.: Ceremony design and analysis. Cryptology ePrint Archive, Report 2007/399 (2007)

  11. Ferreira, A., Giustolisi, R., Huynen, J.L., Koenig, V., Lenzini, G.: Studies in socio-technical security analysis: authentication of identities with TLS certificates. In: TrustCom/ISPA/IUCC, pp. 1553–1558. IEEE (2013)

  12. van Glabbeek, R.J., Smolka, S.A., Steffen, B.: Reactive, generative and stratified models of probabilistic processes. Inf. Comput. 121(1), 59–80 (1995)

  13. Goldsmith, M., Lowe, G., Roscoe, B., Ryan, P., Schneider, S.: Modelling and Analysis of Security Protocols. Pearson Education, Harlow (2000)

  14. Groote, J.F., Mathijssen, A., Reniers, M.A., Usenko, Y.S., van Weerdenburg, M.: The formal specification language mCRL2. In: Methods for Modelling Software Systems (MMOSS 2006). Dagstuhl Seminar Proceedings, vol. 06351 (2007)

  15. Harel, D., Tiuryn, J., Kozen, D.: Dynamic Logic. MIT Press, Cambridge (2000)

  16. de la Higuera, C., Oncina, J.: Learning stochastic finite automata. In: Paliouras, G., Sakakibara, Y. (eds.) ICGI 2004. LNCS (LNAI), vol. 3264, pp. 175–186. Springer, Heidelberg (2004)

  17. Jonsson, B., Larsen, K.G., Yi, W.: Probabilistic extensions of process algebras. In: Bergstra, J., Ponse, A., Smolka, S. (eds.) Handbook of Process Algebras, pp. 685–711. Elsevier, Amsterdam (2001)

  18. Kwiatkowska, M., Norman, G., Parker, D.: Advances and challenges of probabilistic model checking. In: Proceedings of the 48th Annual Allerton Conference on Communication, Control and Computing, pp. 1691–1698. IEEE Press (2010)

  19. Larsen, K.G., Skou, A.: Bisimulation through probabilistic testing. Inf. Comput. 94(1), 1–28 (1991)

  20. Latour, B.: Reassembling the Social - An Introduction to Actor-Network-Theory. Oxford University Press, Oxford (2005)

  21. Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. Softw. Concepts Tools 17(3), 93–102 (1996)

  22. Mitchell, J.C., Mitchell, M., Stern, U.: Automated analysis of cryptographic protocols using Murphi. In: IEEE Symposium on Security and Privacy, pp. 141–151. IEEE Computer Society (1997)

  23. Newell, A.: Unified Theories of Cognition. Harvard University Press, Cambridge (1990)

  24. Norman, G., Parker, D., Sproston, J.: Model checking for probabilistic timed automata. Formal Meth. Syst. Des. 43(2), 164–190 (2013)

  25. Paulson, L.C.: The inductive approach to verifying cryptographic protocols. J. Comput. Secur. 6(1–2), 85–128 (1998)

  26. Pavlovic, D., Meadows, C.: Actor-network procedures: modeling multi-factor authentication, device pairing, social interactions. arXiv.org (2011)

  27. Pieters, W.: Representing humans in system security models: an actor-network approach. J. Wirel. Mob. Netw. Ubiquit. Comput. Dependable Appl. 2(1), 75–92 (2011)

  28. Pratt, V.R.: Process logic. In: 6th Symposium on Principles of Programming Languages (POPL 1979), pp. 93–100. ACM (1979)

  29. Prisacariu, C.: Actor network procedures as psi-calculi for security ceremonies. In: International Workshop on Graphical Models for Security. Electronic Proceedings in Theoretical Computer Science, vol. 148, pp. 63–77. Open Publishing Assoc. (2014)

  30. Rabin, M.O.: Probabilistic automata. Inform. Control 6(3), 230–245 (1963)

  31. Radke, K., Boyd, C., Gonzalez Nieto, J., Brereton, M.: Ceremony analysis: strengths and weaknesses. In: Camenisch, J., Fischer-Hübner, S., Murayama, Y., Portmann, A., Rieder, C. (eds.) SEC 2011. IFIP AICT, vol. 354, pp. 104–115. Springer, Heidelberg (2011)

  32. Rogers, Y., Sharp, H., Preece, J.: Interaction Design: Beyond Human-Computer Interaction, 3rd edn. Wiley, Chichester (2011)

  33. Rukšėnas, R., Curzon, P., Back, J., Blandford, A.: Formal modelling of cognitive interpretation. In: Doherty, G., Blandford, A. (eds.) DSVIS 2006. LNCS, vol. 4323, pp. 123–136. Springer, Heidelberg (2007)

  34. Ruksenas, R., Curzon, P., Blandford, A.: Modelling and analysing cognitive causes of security breaches. Innovations Sys. Softw. Eng. 4(2), 143–160 (2008)

  35. Segerberg, K.: Getting started: beginnings in the logic of action. Stud. Logica 51(3/4), 347–378 (1992)

  36. Semančík, R.: Basic properties of the persona model. Comput. Inform. 26(2), 105–121 (2007)

  37. Sokolova, A., de Vink, E.P.: Probabilistic automata: system types, parallel composition and comparison. In: Baier, C., Haverkort, B.R., Hermanns, H., Katoen, J.-P., Siegle, M. (eds.) Validation of Stochastic Systems. LNCS, vol. 2925, pp. 1–43. Springer, Heidelberg (2004)

  38. Stern, U., Dill, D.L.: Parallelizing the Mur\(\varphi \) verifier. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 256–278. Springer, Heidelberg (1997)

  39. Teodorescu, I.: Maximum likelihood estimation for Markov chains (2009). arXiv:0905.4131

Author information

Correspondence to Christian Johansen.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Johansen, C., Jøsang, A. (2015). Probabilistic Modelling of Humans in Security Ceremonies. In: Garcia-Alfaro, J., et al. Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance. DPM 2014, QASA 2014, SETOP 2014. Lecture Notes in Computer Science, vol 8872. Springer, Cham. https://doi.org/10.1007/978-3-319-17016-9_18

  • DOI: https://doi.org/10.1007/978-3-319-17016-9_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17015-2

  • Online ISBN: 978-3-319-17016-9

  • eBook Packages: Computer Science, Computer Science (R0)
