What Are the Threats? (Charting the Threat Models of Security Ceremonies)

Diego Sempreboni; Giampaolo Bella; Rosario Giustolisi; Luca Viganò

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

What Are the Threats? (Charting the Threat Models of Security Ceremonies)

Topics: Human Factors and Human Behaviour Recognition Techniques; Network Security; Security Protocols; Security Verification and Validation

In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications SECRYPT - Volume 1, 161-172, 2019 , Prague, Czech Republic

Authors: Diego Sempreboni ¹ ; Giampaolo Bella ² ; Rosario Giustolisi ³ and Luca Viganò ¹

Affiliations: ¹ Department of Informatics, King’s College London and U.K. ; ² Dipartimento di Informatica, Università di Catania and Italy ; ³ Department of Computer Science, IT University of Copenhagen and Denmark

Keyword(s): Threat Model, Security Ceremonies, Formal Analysis, Systematic Method.

Related Ontology Subjects/Areas/Topics: Human Factors and Human Behaviour Recognition Techniques ; Information and Systems Security ; Information Assurance ; Network Security ; Security Protocols ; Security Verification and Validation ; Wireless Network Security

Abstract: We address the fundamental question of what are, and how to define, the threat models for a security protocol and its expected human users, the latter pair forming a heterogeneous system that is typically called a security ceremony. Our contribution is the systematic definition of an encompassing method to build the full threat model chart for security ceremonies, from which one can conveniently reify the specific threat models of interest for the ceremony under consideration. For concreteness, we demonstrate the application of the method on three ceremonies that have already been considered in the literature: MP-Auth, Opera Mini and the Danish Mobilpendlerkort ceremony. We discuss how the full threat model chart suggests some interesting threats that haven’t been investigated although they are well worth of scrutiny. In particular, one of the threat models in our chart leads to a novel vulnerability of the Danish Mobilpendlerkort ceremony. We discovered the vulnerability by analysin g this threat model using the formal and automated tool Tamarin, which we employed to demonstrate the relevance of our method, but it is important to highlight that our method is generic and can be used with any tool for the analysis of security protocols and ceremonies. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 18.117.186.92

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Sempreboni, D.; Bella, G.; Giustolisi, R. and Viganò, L. (2019). What Are the Threats? (Charting the Threat Models of Security Ceremonies). In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - SECRYPT; ISBN 978-989-758-378-0; ISSN 2184-3236, SciTePress, pages 161-172. DOI: 10.5220/0007924901610172

@conference{secrypt19,
author={Diego Sempreboni. and Giampaolo Bella. and Rosario Giustolisi. and Luca Viganò.},
title={What Are the Threats? (Charting the Threat Models of Security Ceremonies)},
booktitle={Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - SECRYPT},
year={2019},
pages={161-172},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007924901610172},
isbn={978-989-758-378-0},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - SECRYPT
TI - What Are the Threats? (Charting the Threat Models of Security Ceremonies)
SN - 978-989-758-378-0
IS - 2184-3236
AU - Sempreboni, D.
AU - Bella, G.
AU - Giustolisi, R.
AU - Viganò, L.
PY - 2019
SP - 161
EP - 172
DO - 10.5220/0007924901610172
PB - SciTePress