Modeling human errors in security protocols

David Basin, Sasa Radomirovic, Lara Schmid

Research output: Chapter in Book/Report/Conference proceedingConference contribution

11 Citations (Scopus)

Abstract

Many security protocols involve humans, not machines, as endpoints. The differences are critical: humans are not only computationally weaker than machines, they are naive, careless, and gullible. In this paper, we provide a model for formalizing and reasoning about these inherent human limitations and their consequences. Specifically, we formalize models of fallible humans in security protocols as multiset rewrite theories. We show how the Tamarin tool can then be used to automatically analyze security protocols involving human errors. We provide case studies of authentication protocols that show how different protocol constructions and features differ in their effectiveness with respect to different kinds of fallible humans. This provides a starting point for a fine-grained classification of security protocols from a usable-security perspective.

Original languageEnglish
Title of host publication2016 IEEE 29th Computer Security Foundations Symposium (CSF)
PublisherIEEE
ISBN (Electronic)9781509026074
DOIs
Publication statusPublished - 11 Aug 2016
Event29th IEEE Computer Security Foundations Symposium 2016 - Lisbon, Portugal
Duration: 27 Jun 20161 Jul 2016

Publication series

NameIEEE Computer Security Foundations Symposium
ISSN (Print)1940-1434

Conference

Conference29th IEEE Computer Security Foundations Symposium 2016
Abbreviated titleCSF 2016
CountryPortugal
CityLisbon
Period27/06/161/07/16

Keywords

  • Formal Methods
  • Human Errors
  • Security Protocols
  • Usable Security

ASJC Scopus subject areas

  • Engineering(all)

Profiles

Cite this

Basin, D., Radomirovic, S., & Schmid, L. (2016). Modeling human errors in security protocols. In 2016 IEEE 29th Computer Security Foundations Symposium (CSF) [7536385] (IEEE Computer Security Foundations Symposium). IEEE. https://doi.org/10.1109/CSF.2016.30