A Complete Characterization of Secure Human-Server Communication

David Basin; Saša Radomirović; Michael Schläepfer

doi:10.1109/CSF.2015.21

A Complete Characterization of Secure Human-Server Communication

David Basin, Saša Radomirović, Michael Schläepfer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

13 Citations (Scopus)

12 Downloads (Pure)

Abstract

Establishing a secure communication channel between two parties is a nontrivial problem, especially when one or both are humans. Unlike computers, humans cannot perform strong cryptographic operations without supporting technology, yet this technology may itself be compromised. We introduce a general communication topology model to facilitate the analysis of security protocols in this setting. We use it to completely characterize all topologies that allow secure communication between a human and a remote server via a compromised computer. These topologies are relevant for a variety of applications, including online banking and Internet voting. Our characterization can serve to guide the design of novel solutions for applications and to quickly exclude proposals that cannot possibly offer secure communication.

Original language	English
Title of host publication	2015 IEEE 28th Computer Security Foundations Symposium
Publisher	IEEE
Pages	199-213
Number of pages	15
ISBN (Electronic)	9781467375382
DOIs	https://doi.org/10.1109/CSF.2015.21
Publication status	Published - 7 Sep 2015
Event	28th IEEE Computer Security Foundations Symposium 2015 - Verona, Italy Duration: 13 Jul 2015 → 17 Jul 2015

Publication series

Name	Computer Security Foundations Symposium
ISSN (Print)	1063-6900

Conference

Conference	28th IEEE Computer Security Foundations Symposium 2015
Abbreviated title	CSF 2015
Country	Italy
City	Verona
Period	13/07/15 → 17/07/15

Keywords

Formal Modeling
Security Ceremonies
Security Protocols

Access to Document

10.1109/CSF.2015.21

Download pdf
© 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript, 431 KB

Link to publication in Scopus

Fingerprint Dive into the research topics of 'A Complete Characterization of Secure Human-Server Communication'. Together they form a unique fingerprint.

Cite this

@inproceedings{1fdc1d1a10704eb19dced89028b5302c,

title = "A Complete Characterization of Secure Human-Server Communication",

abstract = "Establishing a secure communication channel between two parties is a nontrivial problem, especially when one or both are humans. Unlike computers, humans cannot perform strong cryptographic operations without supporting technology, yet this technology may itself be compromised. We introduce a general communication topology model to facilitate the analysis of security protocols in this setting. We use it to completely characterize all topologies that allow secure communication between a human and a remote server via a compromised computer. These topologies are relevant for a variety of applications, including online banking and Internet voting. Our characterization can serve to guide the design of novel solutions for applications and to quickly exclude proposals that cannot possibly offer secure communication.",

keywords = "Formal Modeling, Security Ceremonies, Security Protocols",

author = "David Basin and Sa{\v s}a Radomirovi{\'c} and Michael Schl{\"a}epfer",

year = "2015",

month = sep,

day = "7",

doi = "10.1109/CSF.2015.21",

language = "English",

series = "Computer Security Foundations Symposium",

publisher = "IEEE",

pages = "199--213",

booktitle = "2015 IEEE 28th Computer Security Foundations Symposium",

address = "United States",

note = "28th IEEE Computer Security Foundations Symposium 2015, CSF 2015 ; Conference date: 13-07-2015 Through 17-07-2015",

}

TY - GEN

T1 - A Complete Characterization of Secure Human-Server Communication

AU - Basin, David

AU - Radomirović, Saša

AU - Schläepfer, Michael

PY - 2015/9/7

Y1 - 2015/9/7

N2 - Establishing a secure communication channel between two parties is a nontrivial problem, especially when one or both are humans. Unlike computers, humans cannot perform strong cryptographic operations without supporting technology, yet this technology may itself be compromised. We introduce a general communication topology model to facilitate the analysis of security protocols in this setting. We use it to completely characterize all topologies that allow secure communication between a human and a remote server via a compromised computer. These topologies are relevant for a variety of applications, including online banking and Internet voting. Our characterization can serve to guide the design of novel solutions for applications and to quickly exclude proposals that cannot possibly offer secure communication.

AB - Establishing a secure communication channel between two parties is a nontrivial problem, especially when one or both are humans. Unlike computers, humans cannot perform strong cryptographic operations without supporting technology, yet this technology may itself be compromised. We introduce a general communication topology model to facilitate the analysis of security protocols in this setting. We use it to completely characterize all topologies that allow secure communication between a human and a remote server via a compromised computer. These topologies are relevant for a variety of applications, including online banking and Internet voting. Our characterization can serve to guide the design of novel solutions for applications and to quickly exclude proposals that cannot possibly offer secure communication.

KW - Formal Modeling

KW - Security Ceremonies

KW - Security Protocols

UR - http://www.scopus.com/inward/record.url?scp=84961326644&partnerID=8YFLogxK

U2 - 10.1109/CSF.2015.21

DO - 10.1109/CSF.2015.21

M3 - Conference contribution

AN - SCOPUS:84961326644

T3 - Computer Security Foundations Symposium

SP - 199

EP - 213

BT - 2015 IEEE 28th Computer Security Foundations Symposium

PB - IEEE

T2 - 28th IEEE Computer Security Foundations Symposium 2015

Y2 - 13 July 2015 through 17 July 2015

ER -