What Are the Threats? (Charting the Threat Models of Security Ceremonies)

Diego Sempreboni, Giampaolo Bella, Rosario Giustolisi, Luca Viganò

Abstract

We address the fundamental question of what are, and how to define, the threat models for a security protocol and its expected human users, the latter pair forming a heterogeneous system that is typically called a security ceremony. Our contribution is the systematic definition of an encompassing method to build the full threat model chart for security ceremonies, from which one can conveniently reify the specific threat models of interest for the ceremony under consideration. For concreteness, we demonstrate the application of the method on three ceremonies that have already been considered in the literature: MP-Auth, Opera Mini and the Danish Mobilpendlerkort ceremony. We discuss how the full threat model chart suggests some interesting threats that haven’t been investigated although they are well worth of scrutiny. In particular, one of the threat models in our chart leads to a novel vulnerability of the Danish Mobilpendlerkort ceremony. We discovered the vulnerability by analysing this threat model using the formal and automated tool Tamarin, which we employed to demonstrate the relevance of our method, but it is important to highlight that our method is generic and can be used with any tool for the analysis of security protocols and ceremonies.

Download


Paper Citation


in Harvard Style

Sempreboni D., Bella G., Giustolisi R. and Viganò L. (2019). What Are the Threats? (Charting the Threat Models of Security Ceremonies).In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT, ISBN 978-989-758-378-0, pages 161-172. DOI: 10.5220/0007924901610172


in Bibtex Style

@conference{secrypt19,
author={Diego Sempreboni and Giampaolo Bella and Rosario Giustolisi and Luca Viganò},
title={What Are the Threats? (Charting the Threat Models of Security Ceremonies)},
booktitle={Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT,},
year={2019},
pages={161-172},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007924901610172},
isbn={978-989-758-378-0},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT,
TI - What Are the Threats? (Charting the Threat Models of Security Ceremonies)
SN - 978-989-758-378-0
AU - Sempreboni D.
AU - Bella G.
AU - Giustolisi R.
AU - Viganò L.
PY - 2019
SP - 161
EP - 172
DO - 10.5220/0007924901610172