Affiliation:
1. Security & Trust, FBK, Trento, Italy
2. Department of Informatics, King’s College London, London, United Kingdom
Abstract
Over the last few years, there has been an almost exponential increase in the number of mobile applications that deal with sensitive data, such as applications for e-commerce or health. When dealing with sensitive data, classical authentication solutions based on username-password pairs are not enough, and multi-factor authentication solutions that combine two or more authentication factors of different categories are required instead. Even if several solutions are currently used, their security analyses have been performed informally or semiformally at best, and without a reference model and a precise definition of the multi-factor authentication property. This makes a comparison among the different solutions both complex and potentially misleading. In this article, we first present the design of two reference models for native applications based on the requirements of two real-world use-case scenarios. Common features between them are the use of one-time password approaches and the support of a single sign-on experience. Then, we provide a formal specification of our threat model and the security goals, and discuss the automated security analysis that we performed. Our formal analysis validates the security goals of the two reference models we propose and provides an important building block for the formal analysis of different multi-factor authentication solutions.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality, General Computer Science
Cited by
7 articles.