Paper 2007/399

Ceremony Design and Analysis

Carl Ellison


The concept of ceremony is introduced as an extension of the concept of network protocol, with human nodes alongside computer nodes and with communication links that include UI, human-to-human communication and transfers of physical objects that carry data. What is out-of-band to a protocol is in-band to a ceremony, and therefore subject to design and analysis using variants of the same mature techniques used for the design and analysis of protocols. Ceremonies include all protocols, as well as all applications with a user interface, all workflow and all provisioning scenarios. A secure ceremony is secure against both normal attacks and social engineering. However, some secure protocols imply ceremonies that cannot be made secure.

Note: added a section and fixed some typos, in response to feedback from a reviewer.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. (none)
implementationkey managementsocial engineeringhuman-computer interface
Contact author(s)
cme @ microsoft com
2007-10-21: received
Short URL
Creative Commons Attribution


      author = {Carl Ellison},
      title = {Ceremony Design and Analysis},
      howpublished = {Cryptology ePrint Archive, Paper 2007/399},
      year = {2007},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.