Published: Jan 25, 2018

The following paper has been accepted at the 7th International Conference on Principles of Security and Trust (POST 2018):
- Title: Design, Formal Specification and Analysis of Multi-Factor Authentication Solutions with a Single Sign-On Experience
- Authors: Giada Sciarretta, Roberto Carbone, Silvio Ranise, Luca Viganò
- Abstract: Over the last few years, there has been an almost exponential increase of the number of mobile applications that deal with sensitive data, such as applications for e-commerce or health. When dealing with sensitive data, classical authentication solutions based on username-password pairs are not enough, and multi-factor authentication solutions that combine two or more authentication elements of different categories are required. Many different such solutions are available, but they usually cover the scenario of a user accessing web applications on their laptops, whereas in this paper we focus on native mobile applications. This changes the exploitable attack surface and thus requires a specific analysis. In this paper, we present the design, the formal specification and the security analysis of a solution that allows users to access different mobile applications through a multi-factor authentication solution providing a Single Sign-On experience. The formal and automated analysis that we performed validates the security goals of the solution we propose.
- DOI: 10.1007/978-3-319-89722-6_8
The paper will be presented by Giada Sciarretta on Monday, April 16, 2018 at 15:30 in the context of the Leakage, Information Flow, and Protocols Session.
About the conference
- Name: 7th International Conference on Principles of Security and Trust (POST 2018)
- Date: from April 14, 2018 to April 20, 2018
- Location: Thessaloniki, Greece
- Website: https://www.etaps.org/2018/post