Forbidden City Model -- towards a Practice Relevant  Framework for Designing Cryptographic Protocols

   Miroslaw Kutylowski, Lucjan Hanzlik, Kamil Kluczniak, Przemyslaw Kubiak, Lukasz Krzywiecki                     
                        Wroclaw University of Technology


Designing a cryptographic protocol for practical applications  is a challenging task even for relatively 
simple scenarios. The usual approach is to design a protocol having in mind some simple attack scenarios. 
This produces clean designs but many  security problems might be ignored. Repeatedly, the development 
in this area was a sequence of steps: many protocols have been proposed and subsequently broken 
by presenting realistic attack situations not   covered by the original security model. The resulting 
situation is an abundance of models, which are less and less intuitive,  hard to compare and to understand. 

Our goal is to provide a simple and intuitive framework that would help us to capture the key properties 
of the real world architectures and attack scenarios. Motivated by the smart card design, the main idea is 
to build the system architecture in the way that resembles the courtyards of the Emperor's Palace in 
the ancient China. There are many internal courts and strict rules how to cross the boundaries between 
these separate areas. The crucial part of the model is specifying what the adversary can do in each part 
of the system.

Keywords:  cryptographic device, security model, adversary, attack, PACE, active authentication 

(invited paper at ISPEC'2014)