
Formal Modeling And Automatic Security Analysis Of Two-Factor And Two-Channel Authentication Protocols

A. Armando, R. Carbone, L. Zanetti
Published 2013 · Computer Science

As the number of security-critical online applications grows, the protection of the digital identities of the users is becoming a growing concern. Strong authentication protocols provide additional security by requiring the user to provide at least two independent proofs of identity for the authentication to succeed. In this paper we provide a formal model and mechanical security analysis of two protocols for two-factor and two-channel authentication for web applications that rely on the user’s mobile phone as a second authentication factor and the GSM/3G communication infrastructure as the second communication channel. By using a model checker we detected vulnerabilities in the protocols that allow an attacker to carry out a security-sensitive operation by using only one of the two authentication factors. We also present a fix that patches the protocols.


