Skip to main content
main-content

Tipp

Weitere Kapitel dieses Buchs durch Wischen aufrufen

2020 | OriginalPaper | Buchkapitel

MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols

verfasst von: Federico Sinigaglia, Roberto Carbone, Gabriele Costa, Silvio Ranise

Erschienen in: Emerging Technologies for Authorization and Authentication

Verlag: Springer International Publishing

share
TEILEN

Abstract

In recent years, the usage of online services (e.g., banking) has considerably increased. To protect the sensitive resources managed by these services against attackers, Multi-Factor Authentication (MFA) has been widely adopted. To date, a variety of MFA protocols have been implemented, leveraging different designs and features and providing a non-homogeneous level of security and user experience. Public and private authorities have defined laws and guidelines to guide the design of more secure and usable MFA protocols, but their influence on existing MFA implementations remains unclear.
We present MuFASA, a tool for high-level specification and analysis of MFA protocols, which aims at supporting normal users and security experts (in the design phase of an MFA protocol), providing a high level report regarding possible risks associated to the specified MFA protocol, its resistance to a set of attacker models (defined by NIST), its ease-of-use and its compliance with a set of security requirements derived from European laws.
Anhänge
Nur mit Berechtigung zugänglich
Literatur
2.
Zurück zum Zitat Cristofaro, E.D., Du, H., Freudiger, J., Norcie, G.: Two-Factor or not Two-Factor? A Comparative Usability Study of Two-Factor Authentication. CoRR abs/1309.5344. University College London (2013) Cristofaro, E.D., Du, H., Freudiger, J., Norcie, G.: Two-Factor or not Two-Factor? A Comparative Usability Study of Two-Factor Authentication. CoRR abs/1309.5344. University College London (2013)
3.
Zurück zum Zitat DeFigueiredo, D.: The case for mobile two-factor authentication. IEEE Secur. Priv. 9, 81–85 (2011) CrossRef DeFigueiredo, D.: The case for mobile two-factor authentication. IEEE Secur. Priv. 9, 81–85 (2011) CrossRef
8.
Zurück zum Zitat Furst, K., Lang, W.W., Nolle, D.E.: Internet banking: Developments and prospects. Economic and Policy Analysis Working Paper No. 2000-9, Office of the Comptroller of the Currency (2000) Furst, K., Lang, W.W., Nolle, D.E.: Internet banking: Developments and prospects. Economic and Policy Analysis Working Paper No. 2000-9, Office of the Comptroller of the Currency (2000)
10.
Zurück zum Zitat Kennedy, E., Millard, C.: Data security and multi-factor authentication: analysis of requirements under EU law and in selected EU Member States. Comput. Law Secur. Rev. 32, 91–110 (2016) CrossRef Kennedy, E., Millard, C.: Data security and multi-factor authentication: analysis of requirements under EU law and in selected EU Member States. Comput. Law Secur. Rev. 32, 91–110 (2016) CrossRef
11.
Zurück zum Zitat Krol, K., Philippou, E., Cristofaro, E.D., Sasse, M.A.: “They brought in the horrible key ring thing!” Analysing the Usability of Two-Factor Authentication in UK Online Banking. CoRR abs/1501.04434. University College London (2015) Krol, K., Philippou, E., Cristofaro, E.D., Sasse, M.A.: “They brought in the horrible key ring thing!” Analysing the Usability of Two-Factor Authentication in UK Online Banking. CoRR abs/1501.04434. University College London (2015)
14.
Zurück zum Zitat Weir, C.S., Douglas, G., Richardson, T., Jack, M.: Usable security: user preferences for authentication methods in eBanking and the effects of experience. Interact. Comput. 22(3), 153–164 (2010) CrossRef Weir, C.S., Douglas, G., Richardson, T., Jack, M.: Usable security: user preferences for authentication methods in eBanking and the effects of experience. Interact. Comput. 22(3), 153–164 (2010) CrossRef
Metadaten
Titel
MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols
verfasst von
Federico Sinigaglia
Roberto Carbone
Gabriele Costa
Silvio Ranise
Copyright-Jahr
2020
DOI
https://doi.org/10.1007/978-3-030-39749-4_9

Premium Partner