Secure and Usable Mobile Solutions for Authentication and Single Sign-On

A Methodology for their Design and Assessment

This page contains complementary material related to the following paper:
  • Title: Secure and Usable Mobile Solutions for Authentication and Single Sign-On: a Methodology for their Design and Assessment
  • Authors: Roberto Carbone, Silvio Ranise and Giada Sciarretta

Abstract

The widespread use of digital identities in our everyday life, along with the release of our sensitive data in many online transactions, calls for Identity Management (IdM) solutions that are secure, usable, privacy-aware, and compatible with new technologies, such as mobile and cloud. While there exist many secure IdM solutions for web applications, their adaptation to the mobile context is a new and open challenge. Due to the lack of specifications and security guidelines, designing from scratch a mobile IdM solution that covers different authentication aspects is not a simple task and, because its security depends on several trust and communication assumptions, in most cases it could result in a solution with hidden vulnerabilities. To overcome this difficulty, we provide a reference model and a design methodology which can be used by different organizations to implement mobile Single Sign-On and multi-factor authentication. The main objectives of the workshop are to create awareness of privacy and security issues, together with legal provisions related to authentication in mobile computing, and to perform an experimental evaluation of security vs usability of widespread second-factor authentication solutions for mobile applications.

Complementary Material

Documents:

Involved People

Roberto Carbone

Silvio Ranise

Giada Sciarretta