Abstract
Many security protocols involve humans, not machines, as endpoints. The differences are critical: humans are not only computationally weaker than machines, they are naive, careless, and gullible. In this paper, we provide a model for formalizing and reasoning about these inherent human limitations and their consequences. Specifically, we formalize models of fallible humans in security protocols as multiset rewrite theories. We show how the Tamarin tool can then be used to automatically analyze security protocols involving human errors. We provide case studies of authentication protocols that show how different protocol constructions and features differ in their effectiveness with respect to different kinds of fallible humans. This provides a starting point for a fine-grained classification of security protocols from a usable-security perspective.
Original language | English |
---|---|
Title of host publication | 2016 IEEE 29th Computer Security Foundations Symposium (CSF) |
Publisher | IEEE |
Pages | 325-340 |
Number of pages | 6 |
ISBN (Electronic) | 9781509026074 |
DOIs | |
Publication status | Published - 11 Aug 2016 |
Event | 29th IEEE Computer Security Foundations Symposium 2016 - Lisbon, Portugal Duration: 27 Jun 2016 → 1 Jul 2016 |
Publication series
Name | IEEE Computer Security Foundations Symposium |
---|---|
ISSN (Print) | 1940-1434 |
Conference
Conference | 29th IEEE Computer Security Foundations Symposium 2016 |
---|---|
Abbreviated title | CSF 2016 |
Country/Territory | Portugal |
City | Lisbon |
Period | 27/06/16 → 1/07/16 |
Keywords
- Formal Methods
- Human Errors
- Security Protocols
- Usable Security
ASJC Scopus subject areas
- General Engineering
Fingerprint
Dive into the research topics of 'Modeling human errors in security protocols'. Together they form a unique fingerprint.Profiles
-
Sasa Radomirovic
- School of Mathematical & Computer Sciences - Professor
- School of Mathematical & Computer Sciences, Computer Science - Professor
Person: Academic (Research & Teaching)