2011
DOI: 10.1007/978-3-642-21424-0_9
|View full text |Cite
|
Sign up to set email alerts
|

Ceremony Analysis: Strengths and Weaknesses

Abstract: Abstract. We investigate known security flaws in the context of security ceremonies to gain an understanding of the ceremony analysis process. The term security ceremonies is used to describe a system of protocols and humans which interact for a specific purpose. Security ceremonies and ceremony analysis is an area of research in its infancy, and we explore the basic principles involved to better understand the issues involved. We analyse three ceremonies, HTTPS, EMV and Opera Mini, and use the information gai… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
26
0

Year Published

2014
2014
2024
2024

Publication Types

Select...
5
1
1

Relationship

0
7

Authors

Journals

citations
Cited by 27 publications
(26 citation statements)
references
References 17 publications
0
26
0
Order By: Relevance
“…Thinking of protocols as ceremonies brings new insights in understanding how security does or does not work, and reveals flaws that a sheer reductionist approach to technical security is not able to capture. This is clearly shown in recent work of Radke et al [19]. The authors identify flaws in the Mini Opera browser ceremonies emerging from the HTTPS protocol when used in a certain context, despite the fact that the protocol is correct and secure in the traditional meaning of those terms.…”
Section: Related Workmentioning
confidence: 67%
See 1 more Smart Citation
“…Thinking of protocols as ceremonies brings new insights in understanding how security does or does not work, and reveals flaws that a sheer reductionist approach to technical security is not able to capture. This is clearly shown in recent work of Radke et al [19]. The authors identify flaws in the Mini Opera browser ceremonies emerging from the HTTPS protocol when used in a certain context, despite the fact that the protocol is correct and secure in the traditional meaning of those terms.…”
Section: Related Workmentioning
confidence: 67%
“…Moreover, also the cues that the user interface should use have not been codified, and are far from being standardised. Notably, a recent release of the Opera Mini browser, with its 144 million users each month worldwide [28], was found to display a padlock when an intermediate server interposes between the client and the server, hence without end-to-end security [19].…”
Section: Example 1 the Formal Analysis Of The Two-layered Security Cmentioning
confidence: 99%
“…Thinking of protocols as ceremonies brings new insights on how security does or does not work, and reveals flaws that a sheer reductionist approach to technical security is not able to capture. This is clearly shown in recent work of Radke et al [65]. The authors identify a flaw in the Opera Mini browser ceremonies emerging from the HTTPS protocol when used in a certain context, despite the fact that the protocol is secure in the traditional sense ( §3.4).…”
Section: The Socio-technical Perspectivementioning
confidence: 68%
“…Moreover, also the cues that the user interface should use have not been codified, let alone standardised. Notably, a recent release of the Opera Mini browser, with its 300 million worldwide users in February 2013 [88], was found to display a padlock when an intermediate server interposes between the client and the server, hence without end-to-end security [65].…”
Section: Example Usesmentioning
confidence: 99%
“…Influences have been identified in the configuration of security settings of WiFi access points [30], in the purchase of seat reservations on railways [31], to the percentage of organ donors [32] and to response rates in web surveys [33]. The common theme is that users tend to accept default settings, so that defaults can also be seen as a de facto regulation [30].…”
Section: Theoretical Backgroundmentioning
confidence: 99%