Paper accepted at ETAA 2019

Published: Jul 30, 2019
The following paper has been accepted at the 2nd International Workshop on Emerging Technologies for Authorization and Authentication (ETAA 2019):
  • Title: MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols
  • Authors: Federico Sinigaglia, Roberto Carbone, Gabriele Costa, Silvio Ranise
  • Abstract: In recent years, the usage of online services (e.g., banking) has considerably increased. To protect the sensitive resources managed by these services against attackers, Multi-Factor Authentication (MFA) has been widely adopted. To date, a variety of MFA protocols have been implemented, leveraging different designs and features and providing a non-homogeneous level of security and user experience. Public and private authorities have defined laws and guidelines to guide the design of more secure and usable MFA protocols, but their influence on existing MFA implementations remains unclear. We present MuFASA, a tool for high-level specification and analysis of MFA protocols, which aims at supporting normal users and security experts (in the design phase of an MFA protocol), providing a high level report regarding possible risks associated to the specified MFA protocol, its resistance to a set of attacker models (defined by NIST), its ease-of-use and its compliance with a set of security requirements derived from European laws.
  • DOI: 10.1007/978-3-030-39749-4_9
  • Complementary Material: Link

About the workshop

Involved People

Sinigaglia Federico

Federico Sinigaglia

Carbone Roberto

Roberto Carbone

Ranise Silvio

Silvio Ranise