
Formal Modeling And Automatic Security Analysis Of Two-Factor And Two-Channel Authentication Protocols

A. Armando, R. Carbone, L. Zanetti
Published 2013 · Computer Science

As the number of security-critical, online applications grows, the protection of the digital identities of the users is becoming a growing concern. Strong authentication protocols provide additional security by requiring the user to provide at least two independent proofs of identity for the authentication to succeed. In this paper we provide a formal model and mechanical security analysis of two protocols for two-factor and two-channel authentication for web applications that rely on the user’s mobile phone as a second authentication factor and the GSM/3G communication infrastructure as the second communication channel. By using a model checker we detected vulnerabilities in the protocols that allow an attacker to carry out a security-sensitive operation by using only one of the two authentication factors. We also present a fix that allows the protocols to be patched.
