Security Protocols and Threat Models - (Information Security and Cryptography) (Hardcover)

From the Back Cover

Protocols connect the many devices used in our personal and professional lives. Hence we require assurances that they are secure in the face of threats.

Security is too important to leave to intuition and experience alone. We need methodologies to precisely determine our security goals. A security property is one that holds despite the best efforts of an attacker, as captured by a threat model. When attacking a protocol, an eavesdropper may inject messages leading to sessions being hijacked and other data breaches.

This textbook goes from intuition, to theory, to tools, explaining different security properties. Ubiquitous protocols keep the discussion real: ePassport protocols used at border checkpoints; the EMV protocol for contactless payments; and Open ID Connect used to sign in to websites. Even threats enabling car theft via relay attacks are taken into consideration by authenticating proximity. The book also analyses threats to privacy such as tracking, mitigated by making sessions unlinkable.

Topics and features:

• The learning curve brings readers to the edge of the topic of security protocols.
• Multiple security and privacy properties and threats are expressed in a core calculus.
• Large real-world case studies showcase the methods in practice.
• The theory informs the accurate usage of tools for checking security protocols.
• Minimal protocols are selected to cleanly illustrate new concepts.

This textbook is designed to take readers with some grounding in computer science to the edge of the field of security protocols. Additionally, it can serve as a highly useful reference for established researchers and security professionals branching out into threat modelling.

Reynaldo Gil-Pons, Felix Stutz and Semen Yurkov were postdoctoral researchers in the Security and Trust of Software Systems group headed by Sjouke Mauw, professor at University of Luxembourg. Ross Horne directs the Cyber Security MSc at University of Strathclyde, UK.

About the Author

Reynaldo Gil-Pons is a research engineer at NearOne. He completed his PhD in 2024 at the University of Luxembourg, under the supervision of Sjouke Mauw and Rolando Trujillo Rasua, on the formal verification and development of secure memory erasure protocols. His current research is focused on the development and implementation of cryptographic applications, with a focus on multi-party computation protocols.

Ross Horne is a senior lecturer at University of Strathclyde, Glasgow, where he directs the Cyber Security MSc. Previously, he was a research scientist in cyber security labs at Nanyang Technological University, Singapore, and at University of Luxembourg. His work focusses on security and privacy of protocols such as ePassports, contactless payments, and multiparty authentication protocols. He designs logical systems inspired by problems in concurrency and security. He is prototyping protocols to demonstrate the practical feasibility of implementing protocols with stronger security and privacy guarantees.

Sjouke Mauw is professor in computer security at the University of Luxembourg. He holds a Master in Mathematics and a PhD in Computer Science from the University of Amsterdam. He is head of the SaToSS (Security and Trust of Software Systems) research group, which focuses on the application of formal methods to the design and analysis of secure systems. His research interests include security protocols, e-voting, security assessment, trust and risk management, privacy, and attack trees.

Felix Stutz is a postdoctoral researcher at the University of Luxembourg. He conducted his doctoral research at the Max Planck Institute for Software Systems and obtained his PhD from the University of Kaiserslautern-Landau. His research focuses on formal methods for security and software verification, with applications to security protocols and message-passing programs.

Semen Yurkov is a postdoctoral researcher at the University of Rovira i Virgili, Spain. He completed his PhD at the University of Luxembourg, where he worked with Sjouke Mauw and Ross Horne on verifying security and privacy of smartcard-based payment protocols. His current research focuses on the formal verification of systems that aim to provide provenance tracking and tamper detection for digital content.