Security Protocols and Threat Models

Protocols connect the many devices used in our personal and professional lives. Hence we require assurances that they are secure in the face of threats.

Security is too important to leave to intuition and experience alone. We need methodologies to precisely determine our security goals. A security property is one that holds despite the best efforts of an attacker, as captured by a threat model. When attacking a protocol, an eavesdropper may inject messages leading to sessions being hijacked and other data breaches.

This textbook goes from intuition, to theory, to tools, explaining different security properties. Ubiquitous protocols keep the discussion real: ePassport protocols used at border checkpoints; the EMV protocol for contactless payments; and Open ID Connect used to sign in to websites. Even threats enabling car theft via relay attacks are taken into consideration by authenticating proximity. The book also analyses threats to privacy such as tracking, mitigated by making sessions unlinkable.

Topics and features:

- The learning curve brings readers to the edge of the topic of security protocols.

- Multiple security and privacy properties and threats are expressed in a core calculus.

- Large real-world case studies showcase the methods in practice.

- The theory informs the accurate usage of tools for checking security protocols.

- Minimal protocols are selected to cleanly illustrate new concepts.

This textbook is designed to take readers with some grounding in computer science to the edge of the field of security protocols. Additionally, it can serve as a highly useful reference for established researchers and security professionals branching out into threat modelling.

Reynaldo Gil-Pons, Felix Stutz and Semen Yurkov were postdoctoral researchers in the Security and Trust of Software Systems group headed by Sjouke Mauw, professor at University of Luxembourg. Ross Horne directs the Cyber Security MSc at University of Strathclyde, UK.