M. Abadi and R. M. Needham, Prudent engineering practice for cryptographic protocols, IEEE Transactions on Software Engineering, vol.22, issue.1, pp.6-15, 1996.
DOI : 10.1109/32.481513
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.225.1311

G. Bella, Formal correctness of security protocols, 2007.
DOI : 10.1007/978-3-540-68136-6

M. Bellare, Practice-oriented provable security, Lectures on Data Security, pp.1-15, 1999.
DOI : 10.1007/bfb0030423
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.55.1317

M. Bellare and P. Rogaway, Entity Authentication and Key Distribution, Lecture Notes in Computer Science, vol.773, pp.232-249, 1993.
DOI : 10.1007/3-540-48329-2_21
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.62.3423

J. G. Brainard, A. Juels, R. L. Rivest, M. Szydlo, and M. Yung, Fourth-factor authentication, Proceedings of the 13th ACM conference on Computer and communications security , CCS '06, pp.168-178, 2006.
DOI : 10.1145/1180405.1180427

R. Dhamija, J. Tygar, and M. Hearst, Why phishing works, Proceedings of the SIGCHI conference on Human Factors in computing systems , CHI '06, p.590, 2006.
DOI : 10.1145/1124772.1124861

C. Ellison, Ceremony Design and Analysis. Cryptology ePrint Archive, Report, vol.399, 2007.

C. Ellison and S. Dohrmann, Public-key support for group collaboration, ACM Transactions on Information and System Security, vol.6, issue.4, pp.547-565, 2003.
DOI : 10.1145/950191.950195

S. Gajek, M. Manulis, A. R. Sadeghi, and J. Schwenk, Provably secure browser-based user-aware mutual authentication over TLS, Proceedings of the 2008 ACM symposium on Information, computer and communications security , ASIACCS '08, pp.300-311, 2008.
DOI : 10.1145/1368310.1368354
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.433.4533

A. Herzberg, Why Johnny can't surf (safely)? Attacks and defenses for web users, Computers & Security, vol.28, issue.1-2, pp.63-71, 2009.
DOI : 10.1016/j.cose.2008.09.007

C. Karlof, J. D. Tygar, and D. Wagner, Conditioned-safe ceremonies and a user study of an application to web authentication, Proceedings of the 5th Symposium on Usable Privacy and Security, SOUPS '09, 2009.
DOI : 10.1145/1572532.1572578

J. Martina and M. Carlos, Why should we analyze security ceremonies, Applications of Logic in Computer Security. The 15th International Conference on Logic for Programming, Artificial Intelligence and Reasoning, 2008.

J. E. Martina, T. C. De-souza, and R. F. Custodio, Ceremonies Formal Analysis in PKI's Context, 2009 International Conference on Computational Science and Engineering, pp.392-398, 2009.
DOI : 10.1109/CSE.2009.324

S. J. Murdoch, S. Drimer, R. J. Anderson, and M. Bond, Chip and PIN is Broken, 2010 IEEE Symposium on Security and Privacy, pp.433-446, 2010.
DOI : 10.1109/SP.2010.33

R. Ruksenas, P. Curzon, and A. Blandford, Detecting Cognitive Causes of Confidentiality Leaks, Electronic Notes in Theoretical Computer Science, vol.183, pp.21-38, 2007.
DOI : 10.1016/j.entcs.2007.01.059

R. Ruksenas, P. Curzon, and A. Blandford, Modelling and analysing cognitive causes of security breaches, ISSE, vol.4, issue.2, pp.143-160, 2008.

A. Shostack and A. Stewart, The New School of Information Security, N.J, 2008.