Automatic socio-technical security analysis
Automated security analysis usually does not take into account the behavior of the user (e.g., that he might ignore warnings in browsers). Socio-technical security analysis takes into account both the cryptographic protocol and the user's behavior. However, to come up with a suitable description of the user's behavior is difficult, in particular it requires the expertise of a psychologist, not of a cryptographer. The task of this thesis is to make a prototype for a tool that automatically identifies user behaviors that upon which the protocol becomes insecure (using a model checker), and interactively guides a non-technical user (e.g., the psychologist) through the development of a user model that is complete enough for showing the socio-technical security of the protocol (or that shows that the protocol is vulnerable).
Lõputöö kaitsmise aasta
Background in cryptography or security, programming skills, interest in tools for protocol analysis (model checkers)