IRIS

In recent years, the usage of online services (e.g., banking) has considerably increased. To protect the sensitive resources managed by these services against attackers, Multi-Factor Authentication (MFA) has been widely adopted. To date, a variety of MFA protocols have been implemented, leveraging different designs and features and providing a non-homogeneous level of security and user experience. Public and private authorities have defined laws and guidelines to guide the design of more secure and usable MFA protocols, but their influence on existing MFA implementations remains unclear. We present MuFASA, a tool for high-level specification and analysis of MFA protocols, which aims at supporting normal users and security experts (in the design phase of an MFA protocol), providing a high level report regarding possible risks associated to the specified MFA protocol, its resistance to a set of attacker models (defined by NIST), its ease-of-use and its compliance with a set of security requirements derived from European laws.

MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols / Sinigaglia, F.; Carbone, R.; Costa, G.; Ranise, S.. - 11967:(2020), pp. 138-155. (Intervento presentato al convegno 2nd International Workshop on Emerging Technologies for Authorization and Authentication, ETAA 2019 tenutosi a lux nel 2019) [10.1007/978-3-030-39749-4_9].

MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols

Ranise S.
2020-01-01

Abstract

In recent years, the usage of online services (e.g., banking) has considerably increased. To protect the sensitive resources managed by these services against attackers, Multi-Factor Authentication (MFA) has been widely adopted. To date, a variety of MFA protocols have been implemented, leveraging different designs and features and providing a non-homogeneous level of security and user experience. Public and private authorities have defined laws and guidelines to guide the design of more secure and usable MFA protocols, but their influence on existing MFA implementations remains unclear. We present MuFASA, a tool for high-level specification and analysis of MFA protocols, which aims at supporting normal users and security experts (in the design phase of an MFA protocol), providing a high level report regarding possible risks associated to the specified MFA protocol, its resistance to a set of attacker models (defined by NIST), its ease-of-use and its compliance with a set of security requirements derived from European laws.
2020
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
GEWERBESTRASSE 11, CHAM, CH-6330, SWITZERLAND
Springer
978-3-030-39748-7
978-3-030-39749-4
2-s2.0-85079237375
WOS:000655496500009
Sinigaglia, F.; Carbone, R.; Costa, G.; Ranise, S.
MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols / Sinigaglia, F.; Carbone, R.; Costa, G.; Ranise, S.. - 11967:(2020), pp. 138-155. (Intervento presentato al convegno 2nd International Workshop on Emerging Technologies for Authorization and Authentication, ETAA 2019 tenutosi a lux nel 2019) [10.1007/978-3-030-39749-4_9].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/333300
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 4
  • ???jsp.display-item.citation.isi??? 1
  • OpenAlex ND
social impact