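% Conference paper (CSF 2016): formal models of fallible humans in security
% protocols, expressed as multiset rewrite theories and analyzed with the
% Tamarin tool (per the abstract). The citation key is the exporter's opaque
% identifier and is kept unchanged so existing \cite commands still resolve.
% NOTE(review): "address" holds a country rather than a publisher city, and
% "day" and "language" are not fields classic styles read; these look like
% exporter metadata and are kept as given. Confirm before relying on them.
@inproceedings{3a3e45813e644a55a9f8cd29482ef19b,
  author    = {Basin, David and Radomirovic, Sasa and Schmid, Lara},
  title     = {Modeling human errors in security protocols},
  booktitle = {2016 {IEEE} 29th Computer Security Foundations Symposium ({CSF})},
  series    = {{IEEE} Computer Security Foundations Symposium},
  publisher = {IEEE},
  address   = {United States},
  year      = {2016},
  month     = aug,
  day       = {11},
  pages     = {325--340},
  doi       = {10.1109/CSF.2016.30},
  language  = {English},
  keywords  = {Formal Methods, Human Errors, Security Protocols, Usable Security},
  abstract  = {Many security protocols involve humans, not machines, as endpoints. The differences are critical: humans are not only computationally weaker than machines, they are naive, careless, and gullible. In this paper, we provide a model for formalizing and reasoning about these inherent human limitations and their consequences. Specifically, we formalize models of fallible humans in security protocols as multiset rewrite theories. We show how the Tamarin tool can then be used to automatically analyze security protocols involving human errors. We provide case studies of authentication protocols that show how different protocol constructions and features differ in their effectiveness with respect to different kinds of fallible humans. This provides a starting point for a fine-grained classification of security protocols from a usable-security perspective.},
  note      = {29th IEEE Computer Security Foundations Symposium 2016, CSF 2016 ; Conference date: 27-06-2016 Through 01-07-2016},
}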