Layered Analysis of Security Ceremonies

Abstract: A security ceremony expands a security protocol with everything that is considered out of band for it. Notably, it incorporates the user, who, according to their belief systems and cultural values, may be variously targeted by social engineering attacks. This makes ceremonies complex and varied, hence the need for their formal analysis aimed at their rigorous understanding. Formal analysis in turn requires clarifying the ceremony structure to build a ceremony model. The model defined here spans over a number o… Show more

“…This work continues in a paper by Martimiano et al [53], and then gets expanded through Carlos's Ph.D. thesis [23], for example with the notion of human-to-human or human-to-machine channels. Each such channel can be interpreted over the ceremony concertina model of Bella and Coles-Kemp [13] by compressing specific layers of the concertina, as we shall see ( §3.3); for example, a human-to-human one compresses the technical layers, and other channels may demand only certain other layers of the concertina. Also each channel used by an attacker (for example, the visual, auditive or environmental ones) can be layered through a concertina.…”

“…Our research leverages upon the recent model of security ceremonies of Bella and Coles-Kemp [13], in Figure 1. The model identifies several layers, which go beyond the original ceremonies between users and systems as described by Ellison [33].…”

“…Although general pictures are omitted here, the example uses of the methodology ( §3.4) will feature some example pictures. Figure 1 shows that each player has some internal separations by means of vertical lines, but the original paper about the model [13] omitted an explanation. This is worthy of clarification, and therefore introduce some suitable terminology.…”

“…In particular, works by Blaze [21], Whitworth [99] and Ellison [33] are among the main contributions to broadening the traditional alice-and-bob setting of security protocols. Its second contribution is an analysis methodology for service security and privacy that leverages on a recent model by Bella and Coles-Kemp [13] and adapts it for web services. Termed the ceremony concertina, the model links technology to society through a number of layers, which represent the interposing stakeholders, ranging from computer processes to user personas.…”

Service security and privacy as a socio-technical problem

“…This work continues in a paper by Martimiano et al [53], and then gets expanded through Carlos's Ph.D. thesis [23], for example with the notion of human-to-human or human-to-machine channels. Each such channel can be interpreted over the ceremony concertina model of Bella and Coles-Kemp [13] by compressing specific layers of the concertina, as we shall see ( §3.3); for example, a human-to-human one compresses the technical layers, and other channels may demand only certain other layers of the concertina. Also each channel used by an attacker (for example, the visual, auditive or environmental ones) can be layered through a concertina.…”

“…Our research leverages upon the recent model of security ceremonies of Bella and Coles-Kemp [13], in Figure 1. The model identifies several layers, which go beyond the original ceremonies between users and systems as described by Ellison [33].…”

“…Although general pictures are omitted here, the example uses of the methodology ( §3.4) will feature some example pictures. Figure 1 shows that each player has some internal separations by means of vertical lines, but the original paper about the model [13] omitted an explanation. This is worthy of clarification, and therefore introduce some suitable terminology.…”

“…In particular, works by Blaze [21], Whitworth [99] and Ellison [33] are among the main contributions to broadening the traditional alice-and-bob setting of security protocols. Its second contribution is an analysis methodology for service security and privacy that leverages on a recent model by Bella and Coles-Kemp [13] and adapts it for web services. Termed the ceremony concertina, the model links technology to society through a number of layers, which represent the interposing stakeholders, ranging from computer processes to user personas.…”

Service security and privacy as a socio-technical problem

“…This implies to look at the technical and the human protocols and to consider them together as complex layered ceremonies [7][8] [9]. There is no such study for Hotspot and Hotspot 2.0, neither comparatively nor separately.…”

Socio-technical Security Analysis of Wireless Hotspots

Daemones Non Operantur Nisi Per Artem