Modelling User Devices in Security Ceremonies

Abstract

User constrained devices such as smart cards are commonly used in human-protocol interaction. Modelling these devices as part of human-protocol interaction is still an open problem. Examining the interaction of these devices as part of security ceremonies offers greater insight. This paper highlights two such cases: modelling extra channels between humans and devices in the ceremony, and modelling possession when the device also acts as an agent in the ceremony. Case studies where such devices are used during authentication ceremonies are presented to demonstrate these use cases.