10 Nov 2016 - Sasa Radomirovic - Human Errors in Security Protocols

Title: Human Errors in Security Protocols

Speaker: Sasa Radomirovic

Abstract: Many security protocols involve humans, not machines, as endpoints. The differences are critical: humans are not only computationally weaker than machines, they are naive, careless, and gullible. We propose the first formal theory accounting for human errors in security protocols. We tackle the major problem that security protocols are designed and proven to be correct without taking the human users into account. Our theory allows us to model more realistic humans that can be untrained or trained. Untrained humans have no knowledge about the protocol and may deviate arbitrarily from its specification. Trained humans generally follow rules or follow the protocol, but may make mistakes such as omitting a critical security check. The model allows us to derive what general rules have to be known by a human such that desired security properties are provided by a protocol. We validate the utility of our model by analyzing and comparing several authentication protocols.


IF 4.31/33