A Proposed Framework for Analysing Security Ceremonies

Marcelo Carlomagno Carlos, Jean Everson Martina, Geraint Price, Ricardo Felipe Custódio


The concept of a ceremony as an extension of network and security protocols was introduced by Ellison. There are no currently available methods or tools to check correctness of the properties in such ceremonies. The potential application for security ceremonies are vast and fill gaps left by strong assumptions in security protocols. Assumptions include the provision of cryptographic keys and correct human interaction. Moreover, no tools are available to check how knowledge is distributed among human peers nor their interaction with other humans and computers in these scenarios. The key component of this position paper is the formalisation of human knowledge distribution in security ceremonies. By properly enlisting human expectations and interactions in security protocols, we can minimise the ill-described assumptions we usually see failing. Taking such issues into account when designing or verifying protocols can help us to better understand where protocols are more prone to break due to human constraints.


  1. Abadi, M. and Gordon, A. D. (1997). Reasoning about cryptographic protocols in the spi calculus. In Proc. of the 8th Int. Conf. on Concurrency Theory, pages 59-73. Springer-Verlag.
  2. Bella, G. (2007). Formal Correctness of Security Protocols, volume XX of Information Security and Cryptography. Springer Verlag.
  3. Bella, G., Longo, C., and Paulson, L. C. (2003). Is the verification problem for cryptographic protocols solved? In Security Protocols Works., volume 3364 of LNCS, pages 183-189. Springer.
  4. Bella, G., Massacci, F., and Paulson, L. C. (2002). The verification of an industrial payment protocol: the SET purchase phase. In Proc. of the 9th ACM CCS, pages 12-20, Washington, DC, USA. ACM Press.
  5. Burrows, M., Abadi, M., and Needham, R. (1989). A logic of authentication. In Proc. 12th ACM Symposium on Operating Systems Principles, Litchfield Park, AZ.
  6. Carlos, M. C. and Price, G. (2012). Understanding the weaknesses of human-protocol interaction. In Works. on Usable Security at 16th Int. Conference on Financial Cryptography and Data Security.
  7. Dhamija, R., Tygar, J. D., and Hearst, M. (2006). Why phishing works. In Proc. of the SIGCHI conference on Human Factors in computing systems, CHI 7806, pages 581-590, New York, NY, USA. ACM.
  8. Dolev, D. and Yao, A. (1983). On the security of public key protocols. Information Theory, IEEE Transactions on, 29(2):198-208.
  9. Ellison, C. (2007). Ceremony design and analysis. Cryptology ePrint Archive, Report 2007/399. http://eprint.iacr.org/.
  10. Gajek, S. (2005). Effective protection against phishing and web spoofing. In Proc. of the 9th IFIP Conf. on Comm. and Multimedia Sec., LNCS 3677, pages 32-41.
  11. Gajek, S., Manulis, M., Sadeghi, A.-R., and Schwenk, J. Provably secure browser-based user-aware mutual authentication over tls. In Proc. of the 2008 ACM symposium on Information, computer and communications security.
  12. Jakobsson, M. (2007). The human factor in phishing. In In Privacy & Security of Consumer Information 7807.
  13. Lowe, G. (1996). Breaking and fixing the needhamschroeder public-key protocol using fdr. In Proc. of the 2nd Int. Works. on Tools and Algorithms for Construction and Analysis of Systems, pages 147-166.
  14. Meadows, C. (1996). Language generation and verification in the nrl protocol analyzer. In Proc. of the 9th IEEE CSF, page 48, Washington, DC. IEEE Comp. Soc.
  15. Meadows, C. (2003). Formal methods for cryptographic protocol analysis: Emerging issues and trends. IEEE Journal on Selected Areas in Communications, 21.
  16. Mitchell, J. C., Shmatikov, V., and Stern, U. (1998). Finitestate analysis of SSL 3.0. In Proc. of the 7th conference on USENIX Security Symposium, volume 7, page 16, San Antonio, Texas. USENIX.
  17. Needham, R. M. and Schroeder, M. D. (1978). Using encryption for authentication in large networks of computers. Commun. ACM, 21(12):993-999.
  18. Paulson, L. C. (1998). The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6(1-2):85-128.
  19. Paulson, L. C. (1999). Inductive analysis of the Internet protocol TLS. ACM Transactions on Information and System Security, 2(3):332-351.
  20. Roscoe, A. W., Goldsmith, M., Creese, S. J., and Zakiuddin, I. (2003). The Attacker in Ubiquitous Computing Environments: Formalising the Threat Model. In Proc. of 1st Int. Works. on Form. Asp. in Security and Trust.
  21. Ruksenas, R., Curzon, P., and Blandford, A. (2008). Modelling and analysing cognitive causes of security breaches. Innovations in Systems and Software Engineering, 4(2):143-160.
  22. Ryan, P. and Schneider, S. (2000). The modelling and analysis of security protocols: the csp approach. AddisonWesley Professional.

Paper Citation

in Harvard Style

Carlomagno Carlos M., Everson Martina J., Price G. and Felipe Custódio R. (2012). A Proposed Framework for Analysing Security Ceremonies . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 440-445. DOI: 10.5220/0004129704400445

in Bibtex Style

author={Marcelo Carlomagno Carlos and Jean Everson Martina and Geraint Price and Ricardo Felipe Custódio},
title={A Proposed Framework for Analysing Security Ceremonies},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},

in EndNote Style

JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - A Proposed Framework for Analysing Security Ceremonies
SN - 978-989-8565-24-2
AU - Carlomagno Carlos M.
AU - Everson Martina J.
AU - Price G.
AU - Felipe Custódio R.
PY - 2012
SP - 440
EP - 445
DO - 10.5220/0004129704400445