Towards a Secure Human-and-Computer Mutual Authentication Protocol

Radke, K., Boyd, C., Nieto, J.G. and Brereton, M.

    We blend research from human-computer interface (HCI) design with computational based cryptographic provable security. We explore the notion of practice-oriented provable security (POPS), moving the focus to a higher level of abstraction (POPS+) for use in providing provable security for security ceremonies involving humans. In doing so we highlight some challenges and paradigm shifts required to achieve meaningful provable security for a protocol which includes a human. We move the focus of security ceremonies from being protocols in their context of use, to the protocols being cryptographic building blocks in a higher level protocol (the security ceremony), which POPS can be applied to. In order to illustrate the need for our approach, we analyse both a protocol proven secure in theory, and a similar protocol implemented by a financial institution, from both HCI and cryptographic perspectives.
Cite as: Radke, K., Boyd, C., Nieto, J.G. and Brereton, M. (2012). Towards a Secure Human-and-Computer Mutual Authentication Protocol. In Proc. Australasian Information Security Conference (AISC 2012) Melbourne, Australia. CRPIT, 125. Pieprzyk, J. and Thomborson, C. Eds., ACS. 39-46