Design, Formal Specification and Analysis of Multi-Factor Authentication Solutions with a Single Sign-On Experience

This page contains complementary material related to the following paper:
  • Title: Design, Formal Specification and Analysis of Multi-Factor Authentication Solutions with a Single Sign-On Experience
  • Authors: Giada Sciarretta, Roberto Carbone, Silvio Ranise, Luca ViganĂ²
  • DOI: 10.1007/978-3-319-89722-6_8
  • Acceptance News: Link

Abstract

Over the last few years, there has been an almost exponential increase of the number of mobile applications that deal with sensitive data, such as applications for e-commerce or health. When dealing with sensitive data, classical authentication solutions based on username-password pairs are not enough, and multi-factor authentication solutions that combine two or more authentication elements of different categories are required. Many different such solutions are available, but they usually cover the scenario of a user accessing web applications on their laptops, whereas in this paper we focus on native mobile applications. This changes the exploitable attack surface and thus requires a specific analysis. In this paper, we present the design, the formal specification and the security analysis of a solution that allows users to access different mobile applications through a multi-factor authentication solution providing a Single Sign-On experience. The formal and automated analysis that we performed validates the security goals of the solution we propose.

Complementary Material

Structure

  • IDOTP App Scenario: description of the use-case scenario and link to download the protocol specification file (idotp.aslan++);
  • Security Results: description and results of the security analyses performed in our analysis;
  • Tools: links to download the SATMC model checker tool and the STIATE plugin used to perform the security assessment.

Involved People

Sciarretta Giada

Giada Sciarretta

Carbone Roberto

Roberto Carbone

Ranise Silvio

Silvio Ranise

ViganĂ² Luca

Luca ViganĂ²