An adaptive threat model for security ceremonies

Bibliographic details
Published in: International journal of information security 2015-04, Vol.14 (2), p.103-121
Main authors: Martina, Jean Everson; dos Santos, Eduardo; Carlos, Marcelo Carlomagno; Price, Geraint; Custódio, Ricardo Felipe
Format: Article
Language: eng
Description
Summary: Ever since Needham and Schroeder introduced the notion of an active attacker, significant research has been conducted regarding protocol design and analysis to verify that the protocols’ goals are robust against this type of attacker. Nowadays, the Dolev–Yao threat model is the most widely accepted attacker model for the analysis of security protocols. Consequently, there are several security protocols considered secure against an attacker under Dolev–Yao’s assumptions. With the introduction of the concept of ceremonies, which extends protocol design and analysis to include human peers, we can potentially find and solve security flaws that were previously not detectable. In this paper, we discuss that even though Dolev–Yao’s threat model can represent the most powerful attacker possible in a ceremony, the attacker in this model is not realistic in certain scenarios, especially those related to human peers. We propose a dynamic threat model that can be adjusted according to each ceremony and consequently adapt the model and the ceremony analysis to realistic scenarios. We demonstrate the feasibility of our approach with a support implementation using first-order logic and an automatic theorem prover.
ISSN: 1615-5262
1615-5270
DOI: 10.1007/s10207-014-0253-x