An updated threat model for security ceremonies

Carlos, Marcelo Carlomagno; Martina, Jean Everson; Price, Geraint; Custódio, Ricardo Felipe

doi:10.1145/2480362.2480705

Cited by 20 publications

(19 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Ellison [20] introduced the concept of security ceremonies where the users are participants to the protocol and their actions are specified, modelled and analyzed just like those of the communicating endpoints. Carlos et al [13] use Bluetooth as an example for reasoning about basic security properties of a security ceremony.…”

Section: Device Pairing and Relay Attackmentioning

confidence: 99%

Misbinding Attacks on Secure Device Pairing and Bootstrapping

Sethi

Peltonen

Aura

2019

Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

In identity misbinding attacks against authenticated key-exchange protocols, a legitimate but compromised participant manipulates the honest parties so that the victim becomes unknowingly associated with a third party. These attacks are well known, and resistance to misbinding is considered a critical requirement for security protocols on the Internet. In the context of device pairing, on the other hand, the attack has received little attention outside the trusted-computing community. This paper points out that most device pairing protocols are vulnerable to misbinding. Device pairing protocols are characterized by lack of a-priory information, such as identifiers and cryptographic roots of trust, about the other endpoint. Therefore, the devices in pairing protocols need to be identified by the user's physical access to them. As case studies for demonstrating the misbinding vulnerability, we use Bluetooth and a protocol that registers new IoT devices to authentication servers on wireless networks. We have implemented the attacks. We also show how the attacks can be found in formal models of the protocols with carefully formulated correspondence assertions. The formal analysis yields a new type of double misbinding attack. While pairing protocols have been extensively modelled and analyzed, misbinding seems to be an aspect that has not previously received sufficient attention. Finally, we discuss potential ways to mitigate the threat and its significance to security of pairing protocols. CCS CONCEPTS• Security and privacy → Systems security; Network security; Formal methods and theory of security; • Networks → Network protocol design.

show abstract

Section: Device Pairing and Relay Attackmentioning

confidence: 99%

Misbinding Attacks on Secure Device Pairing and Bootstrapping

Sethi

Peltonen

Aura

2019

Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…CH models how protocol agents access insecure, authentic, confidential, and secure (i.e., authentic and confidential) channels. Rules (6) and (7) represent insecure channels. The sending of messages over an insecure channel is labeled with the Snd I action and produces an Out fact, which represents the adversary's capability to learn messages by eavesdropping.…”

Section: ) Node Propertiesmentioning

confidence: 99%

“…In subsequent work [6], they consider an adversary that is weaker than the standard Dolev-Yao adversary in order to verify a Bluetooth pairing ceremony under realistic conditions. Their results are, however, specific to Bluetooth pairing ceremonies.…”

Section: Related Workmentioning

confidence: 99%

A Complete Characterization of Secure Human-Server Communication

Basin¹,

Radomirović

Schlaepfer³

2015

2015 IEEE 28th Computer Security Foundations Symposium

View full text Add to dashboard Cite

Abstract-Establishing a secure communication channel between two parties is a nontrivial problem, especially when one or both are humans. Unlike computers, humans cannot perform strong cryptographic operations without supporting technology, yet this technology may itself be compromised. We introduce a general communication topology model to facilitate the analysis of security protocols in this setting. We use it to completely characterize all topologies that allow secure communication between a human and a remote server via a compromised computer. These topologies are relevant for a variety of applications, including online banking and Internet voting. Our characterization can serve to guide the design of novel solutions for applications and to quickly exclude proposals that cannot possibly offer secure communication.

show abstract

“…[31] advocate that the all-powerful Dolev-Yao model is not realistic, and prove it too powerful by analysing protocols in a pervasive environment, here addressed as a socio-technical protocol. Carlos et al develop this argument [24] substantially. They derive more realistic threat models by removing capabilities from the Dolev-Yao intruder, and apply their models to authentication protocols with Wi-Fi printers and to Bluetooth pairing protocols.…”

Section: The Socio-technical Perspectivementioning

confidence: 99%

Service security and privacy as a socio-technical problem

Bella

Curzon

Lenzini

2015

JCS

View full text Add to dashboard Cite

Abstract. The security and privacy of the data that users transmit, more or less deliberately, to modern services is an open problem. It is not solely limited to the actual Internet traversal, a sub-problem vastly tackled by consolidated research in security protocol design and analysis. By contrast, it entails much broader dimensions pertaining to how users approach technology and understand the risks for the data they enter. For example, users may express cautious or distracted personas depending on the service and the point in time; further, pre-established paths of practice may lead them to neglect the intrusive privacy policy offered by a service, or the outdated protections adopted by another.The approach that sees the service security and privacy problem as a socio-technical one needs consolidation. With this motivation, the article makes a threefold contribution. It reviews the existing literature on service security and privacy, especially from the socio-technical standpoint. Further, it outlines a general research methodology aimed at layering the problem appropriately, at suggesting how to position existing findings, and ultimately at indicating where a transdisciplinary task force may fit in. The article concludes with the description of the three challenge domains of services whose security and privacy we deem open socio-technical problems, not only due to their inherent facets but also to their huge number of users.

show abstract

An updated threat model for security ceremonies

Cited by 20 publications

References 10 publications

Misbinding Attacks on Secure Device Pairing and Bootstrapping

Misbinding Attacks on Secure Device Pairing and Bootstrapping

A Complete Characterization of Secure Human-Server Communication

Service security and privacy as a socio-technical problem

Contact Info

Product

Resources

About