2013 | OriginalPaper | Buchkapitel
Formal Modeling and Automatic Security Analysis of Two-Factor and Two-Channel Authentication Protocols
verfasst von : Alessandro Armando, Roberto Carbone, Luca Zanetti
Erschienen in: Network and System Security
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
As the number of security-critical, online applications grows, the protection of the digital identities of the users is becoming a growing concern. Strong authentication protocols provide additional security by requiring the user to provide at least two independent proofs of identity for the authentication to succeed. In this paper we provide a formal model and mechanical security analysis of two protocols for two-factor and two-channel authentication for web applications that relies on the user’s mobile phone as a second authentication factor and the GSM/3G communication infrastructure as the second communication channel. By using a model checker we detected vulnerabilities in the protocols that allow an attacker to carry out a security-sensitive operation by using only one of the two authentication factors. We also present a fix that allows to patch the protocols.