What Are the Threats? (Charting the Threat Models of Security Ceremonies)

Diego Sempreboni, Giampaolo Bella, Rosario Giustolisi, Luca Vigano

Publikation: Konference artikel i Proceeding eller bog/rapport kapitelKonferencebidrag i proceedingsForskningpeer review

Abstrakt

We address the fundamental question of what are, and how to define, the threat models for a security protocol and its expected human users, the latter pair forming a heterogeneous system that is typically called a security ceremony. Our contribution is the systematic definition of an encompassing method to build the full threat model chart for security ceremonies, from which one can conveniently reify the specific threat models of interest for the ceremony under consideration. For concreteness, we demonstrate the application of the method on three ceremonies that have already been considered in the literature: MP-Auth, Opera Mini and the Danish Mobilpendlerkort ceremony. We discuss how the full threat model chart suggests some interesting threats that haven’t been investigated although they are well worth of scrutiny. In particular, one of the threat models in our chart leads to a novel vulnerability of the Danish Mobilpendlerkort ceremony. We discovered the vulnerability by analysing this threat model using the formal and automated tool Tamarin, which we employed to demonstrate the relevance of our method, but it is important to highlight that our method is generic and can be used with any tool for the analysis of security protocols and ceremonies.
OriginalsprogEngelsk
TitelProceedings of the 16th International Joint Conference on e-Business and Telecommunications
Antal sider12
Vol/bind2
ForlagSCITEPRESS Digital Library
Publikationsdato26 jul. 2019
Sider161*172
ISBN (Elektronisk)978-989-758-378-0
DOI
StatusUdgivet - 26 jul. 2019

Citationsformater