Ceremony analysis : strengths and weaknesses
Radke, Kenneth, Boyd, Colin, Gonzalez Nieto, Juan M., & Brereton, Margot (2011) Ceremony analysis : strengths and weaknesses. In Future Challenges in Security and Privacy for Academia and Industry : 26th IFIP TC 11 International Information Security Conference (SEC 2011) Proceedings, Springer, Lucerne University of Applied Sciences and Arts, Luzern, pp. 104-115.
We investigate known security flaws in the context of security ceremonies to gain an understanding of the ceremony analysis process. The term security ceremonies is used to describe a system of protocols and humans which interact for a specific purpose. Security ceremonies and ceremony analysis is an area of research in its infancy, and we explore the basic principles involved to better understand the issues involved.We analyse three ceremonies, HTTPS, EMV and Opera Mini, and use the information gained from the experience to establish a list of typical flaws
in ceremonies. Finally, we use that list to analyse a protocol proven secure for human use. This leads to a realisation of the strengths and weaknesses of ceremony analysis.
Citation countsare sourced monthly fromand citation databases.
These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.
Citations counts from theindexing service can be viewed at the linked Google Scholar™ search.
Full-text downloadsdisplays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.
|Item Type:||Conference Paper|
|Keywords:||Ceremony, Security, Privacy, Provable Security, Humans, EMV, HTTPS, Opera Mini|
|Subjects:||Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)|
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > DATA FORMAT (080400) > Data Encryption (080402)
|Divisions:||Past > QUT Faculties & Divisions > Faculty of Built Environment and Engineering|
Past > Institutes > Information Security Institute
|Copyright Owner:||Copyright 2011 IFIP International Federation for Information Processing|
|Deposited On:||06 Jul 2011 11:15|
|Last Modified:||15 Dec 2011 14:29|
Repository Staff Only: item control page