nach oben

Tipp

Weitere Kapitel dieses Buchs durch Wischen aufrufen

Erschienen in:

Kapitel lesen Erstes Kapitel lesen

2020 | OriginalPaper | Buchkapitel

MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols

verfasst von: Federico Sinigaglia, Roberto Carbone, Gabriele Costa, Silvio Ranise

Erschienen in: Emerging Technologies for Authorization and Authentication

Verlag: Springer International Publishing

Einloggen, um Zugang zu erhalten

Abstract

In recent years, the usage of online services (e.g., banking) has considerably increased. To protect the sensitive resources managed by these services against attackers, Multi-Factor Authentication (MFA) has been widely adopted. To date, a variety of MFA protocols have been implemented, leveraging different designs and features and providing a non-homogeneous level of security and user experience. Public and private authorities have defined laws and guidelines to guide the design of more secure and usable MFA protocols, but their influence on existing MFA implementations remains unclear.

We present MuFASA, a tool for high-level specification and analysis of MFA protocols, which aims at supporting normal users and security experts (in the design phase of an MFA protocol), providing a high level report regarding possible risks associated to the specified MFA protocol, its resistance to a set of attacker models (defined by NIST), its ease-of-use and its compliance with a set of security requirements derived from European laws.

Vorheriges Kapitel Collaborative Authentication Using Threshold Cryptography

Nächstes Kapitel A Risk-Driven Model to Minimize the Effects of Human Factors on Smart Devices

Nur mit Berechtigung zugänglich

https://www.nordea.se/.

https://www.nordea.se/Images/154-21252/quickguide-cardreader.PDF.

https://www.nordea.se/Images/154-300029/Broschyr_skaffa_Mobilt_BankID.pdf.

We use “;” to separate the elements of the sequence.

Armando, A., Carbone, R., Zanetti, L.: Formal modeling and automatic security analysis of two-factor and two-channel authentication protocols. In: Lopez, J., Huang, X., Sandhu, R. (eds.) NSS 2013. LNCS, vol. 7873, pp. 728–734. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38631-2_63 CrossRef

Cristofaro, E.D., Du, H., Freudiger, J., Norcie, G.: Two-Factor or not Two-Factor? A Comparative Usability Study of Two-Factor Authentication. CoRR abs/1309.5344. University College London (2013)

DeFigueiredo, D.: The case for mobile two-factor authentication. IEEE Secur. Priv. 9, 81–85 (2011) CrossRef

European Banking Authority: Recommendations for the Security of Internet Payments (2013). https://www.ecb.europa.eu/pub/pdf/other/recommendationssecurityinternetpaymentsoutcomeofpcfinalversionafterpc201301en.pdf

European Banking Authority: Recommendations for the Security of Mobile Payments - DRAFT (2013). https://www.ecb.europa.eu/paym/cons/pdf/131120/recommendationsforthesecurityofmobilepaymentsdraftpc201311en.pdf

European Banking Authority: Directive 2015/2366 of the European Parliament and of the Council on payment services in the internal market (PSD2) (2015). https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32015L2366

European Banking Authority: Regulatory Technical Standards on Strong Customer Authentication and common and secure communication under Article 98 of PSD2 (2017). https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32018R0389&from=EN

Furst, K., Lang, W.W., Nolle, D.E.: Internet banking: Developments and prospects. Economic and Policy Analysis Working Paper No. 2000-9, Office of the Comptroller of the Currency (2000)

Hao, F., Clarke, D.: Security analysis of a multi-factor authenticated key exchange protocol. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 1–11. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31284-7_1 CrossRef

10.

Kennedy, E., Millard, C.: Data security and multi-factor authentication: analysis of requirements under EU law and in selected EU Member States. Comput. Law Secur. Rev. 32, 91–110 (2016) CrossRef

11.

Krol, K., Philippou, E., Cristofaro, E.D., Sasse, M.A.: “They brought in the horrible key ring thing!” Analysing the Usability of Two-Factor Authentication in UK Online Banking. CoRR abs/1501.04434. University College London (2015)

12.

NIST: Special Publication - Digital Identity Guidelines (2017). https://pages.nist.gov/800-63-3/

13.

Sciarretta, G., Carbone, R., Ranise, S., Viganò, L.: Design, formal specification and analysis of multi-factor authentication solutions with a single sign-on experience. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 188–213. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89722-6_8 CrossRef

14.

Weir, C.S., Douglas, G., Richardson, T., Jack, M.: Usable security: user preferences for authentication methods in eBanking and the effects of experience. Interact. Comput. 22(3), 153–164 (2010) CrossRef

Titel: MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols
verfasst von: Federico Sinigaglia
Roberto Carbone
Gabriele Costa
Silvio Ranise
Verlag: Springer International Publishing
Buch: Emerging Technologies for Authorization and Authentication
Print ISBN: 978-3-030-39748-7

Electronic ISBN: 978-3-030-39749-4

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-39749-4_9

Springer Professional

Tipp

Weitere Kapitel dieses Buchs durch Wischen aufrufen

MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols

Abstract

Premium Partner

Springer Professional

Tipp

Weitere Kapitel dieses Buchs durch Wischen aufrufen

Abstract

Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten

Premium Partner