Security Protocols & Ceremonies

Security protocols (also known as cryptographic protocols) are sequences of steps and interactions among components of a distributed system, that rely on the use of cryptography for achieving various security goals in hostile environments.

Security protocols are hence at the core of most systems supporting modern society—communications, transport networking, online banking, etc.—providing various security services, such as the authentication of nodes, the establishment of secure channels, ensuring anonymous communications, and so on. 

Since the correct design of security protocols is difficult and error-prone, it becomes essential to provide rigorous proofs that the protocol achieves expected security goals in the presence of specific adversaries. These proofs of security are important to detect flaws along the development stages of a protocol: design, implementation, compilation, etc. 

As security protocols underlie services meant to be used by humans, the users often play a significant role in the achievement of security goals. In consideration of that, security ceremonies extend security protocols allowing to model human actions and interactions with a system, to study for instance deviations from the ideal behavior and how they affect the security of a system. Our research focuses on both technical and socio-technical aspects of security protocols and ceremonies.

In various cybersecurity contexts, our research activities cover: 

• Design and analysis of security protocols and ceremonies in diverse application domains, e.g., secure email and secure electronic exams 
• Formal modeling and verification of security protocols and ceremonies 
• Definition and formalization of security properties in diverse contexts 
• Design of mathematically-based techniques and frameworks for enabling a rigorous socio-technical analysis of protocols and ceremonies 
• Formally verified implementations of security protocols