An Extensive Formal Analysis of Multi-factor Authentication Protocols
Abstract
Passwords are still the most widespread means for authenticating users, even though they have been shown to create huge security problems. This motivated the use of additional authentication mechanisms in so-called multi-factor authentication protocols. In this article, we define a detailed threat model for this kind of protocol: While in classical protocol analysis attackers control the communication network, we take into account that many communications are performed over TLS channels, that computers may be infected by different kinds of malware, that attackers could perform phishing, and that humans may omit some actions. We formalize this model in the applied pi calculus and perform an extensive analysis and comparison of several widely used protocols—variants of Google 2-step and FIDO’s U2F (Yubico’s Security Key token). The analysis is completely automated, generating systematically all combinations of threat scenarios for each of the protocols and using the ProVerif tool for automated protocol analysis. To validate our model and attacks, we demonstrate their feasibility in practice, even though our experiments are run in a laboratory environment. Our analysis highlights weaknesses and strengths of the different protocols. It allows us to suggest several small modifications of the existing protocols that are easy to implement, as well as an extension of Google 2-step that improves security in several threat scenarios.
Similar resources
Process algebraic modeling of authentication protocols for analysis of parallel multi-session executions
Many security protocols have the aim of authenticating one agent acting as initiator to another agent acting as responder and vice versa. Sometimes, the authentication fails because of executing several parallel sessions of a protocol, and because an agent may play both the initiator and responder role in parallel sessions. We take advantage of the notion of transition systems to specify authen...
Formal Methods for the Analysis of Authentication Protocols
In this paper, we examine current approaches and the state of the art in the application of formal methods to the analysis of cryptographic protocols. We use Meadows' classification of analysis techniques into four types. The Type I approach models and verifies a protocol using specification languages and verification tools not specifically developed for the analysis of cryptographic protocols. In t...
Automatic verification of authentication protocols using genetic programming
Implicit and unobserved errors and vulnerabilities issues usually arise in cryptographic protocols and especially in authentication protocols. This may enable an attacker to make serious damages to the desired system, such as having the access to or changing secret documents, interfering in bank transactions, having access to users’ accounts, or may be having the control all over the syste...
Formal Modeling and Automatic Security Analysis of Two-Factor and Two-Channel Authentication Protocols
As the number of security-critical, online applications grows, the protection of the digital identities of the users is becoming a growing concern. Strong authentication protocols provide additional security by requiring the user to provide at least two independent proofs of identity for the authentication to succeed. In this paper we provide a formal model and mechanical security analysis of t...
Journal
Journal title: ACM Transactions on Privacy and Security
Year: 2021
ISSN: ['2471-2574', '2471-2566']
DOI: https://doi.org/10.1145/3440712