Using encryption for authentication in large networks of computers
Communications of the ACM
Security Weaknesses in Bluetooth
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Entity Authentication and Key Distribution
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
Robustness Principles for Public Key Protocols
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Proceedings of the 3rd international conference on Mobile systems, applications, and services
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Formal Correctness of Security Protocols (Information Security and Cryptography)
Formal Correctness of Security Protocols (Information Security and Cryptography)
Multichannel Security Protocols
IEEE Pervasive Computing
The modelling and analysis of security protocols: the csp approach
The modelling and analysis of security protocols: the csp approach
Multi-Attacker Protocol Validation
Journal of Automated Reasoning
On the security of public key protocols
IEEE Transactions on Information Theory
Hi-index | 0.00 |
Since Needham and Schroeder introduced the idea of an active attacker, a lot of research has been made in the protocol design and analysis area in order to verify the protocols' claims against this type of attacker. Nowadays, the Dolev-Yao threat model is the most widely accepted attacker model in the analysis of security protocols. Consequently, there are several security protocols considered secure against an attacker under Dolev-Yao's assumptions. With the introduction of the concept of ceremonies, which extends protocol design and analysis to include human peers, we can potentially find and solve security flaws that were previously not detectable. In this paper, we discuss that even though Dolev-Yao's threat model can represent the most powerful attacker possible in a ceremony, the attacker in this model is not realistic in certain scenarios, especially those related to the human peers. We propose a dynamic threat model that can be adjusted according to each ceremony, and consequently adapt the model and the ceremony analysis to realistic scenarios without degrading security and improving usability.