Security & Trust

Paper accepted at POST 2018

Published: Jan 25, 2018
Tags:papers
The following paper has been accepted at the 7th International Conference on Principles of Security and Trust (POST 2018):
  • Title: Design, Formal Specification and Analysis of Multi-Factor Authentication Solutions with a Single Sign-On Experience
  • Author: Giada Sciarretta, Roberto Carbone, Silvio Ranise, Luca ViganĂ²
  • Abstract: Over the last few years, there has been an almost exponential increase of the number of mobile applications that deal with sensitive data, such as applications for e-commerce or health. When dealing with sensitive data, classical authentication solutions based on username-password pairs are not enough, and multi-factor authentication solutions that combine two or more authentication elements of different categories are required. Many different such solutions are available, but they usually cover the scenario of a user accessing web applications on their laptops, whereas in this paper we focus on native mobile applications. This changes the exploitable attack surface and thus requires a specific analysis. In this paper, we present the design, the formal specification and the security analysis of a solution that allows users to access different mobile applications through a multi-factor authentication solution providing a Single Sign-On experience. The formal and automated analysis that we performed validates the security goals of the solution we propose.
  • DOI: 10.1007/978-3-319-89722-6_8

The paper will be presented by Giada Sciarretta on Monday, April 16, 2018 at 15:30 in the context of the Leakage, Information Flow, and Protocols Session.

About the conference

  • Name: 7th International Conference on Principles of Security and Trust (POST 2018)
  • Date: from April 14, 2018 to April 20, 2018
  • Location: Thessaloniki, Greece
  • Website: https://www.etaps.org/2018/post

Involved People

Giada Sciarretta

Giada Sciarretta

Roberto Carbone

Roberto Carbone

Silvio Ranise

Silvio Ranise