An Extensive Formal Analysis of Multi-factor Authentication Protocols

  title={An Extensive Formal Analysis of Multi-factor Authentication Protocols},
  author={Charlie Jacomme and Steve Kremer},
  journal={2018 IEEE 31st Computer Security Foundations Symposium (CSF)},
  • Charlie Jacomme, S. Kremer
  • Published 20 April 2018
  • Computer Science
  • 2018 IEEE 31st Computer Security Foundations Symposium (CSF)
Passwords are still the most widespread means for authenticating users, even though they have been shown to create huge security problems. [] Key Method We formalize this model in the applied pi calculus and perform an extensive analysis and comparison of several widely used protocols — variants of Google 2-step and FIDO’s U2F.

Figures and Tables from this paper

Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login

This article presents the design of two reference models for native applications based on the requirements of two real-world use-case scenarios, and provides a formal specification of the threat model and the security goals, and discusses the automated security analysis that was performed.

A Formal Analysis of the FIDO UAF Protocol

This paper presents a comprehensive and formal verification of the FIDO UAF protocol by formalizing its security assumptions and goals and modeling the protocol under different scenarios in ProVerif and identifies the minimal security assumptions required for each of the security goals of FIDo UAF to hold.

Please Remember Me: Security Analysis of U2F Remember Me Implementations in The Wild

This work presents the first systematic analysis of this undocumented feature, remember me, and shows that its security implications are not well understood, and discloses a practical attack against Facebook in which an attacker can permanently deactivate the enabled 2FA options of a targeted victim without knowing their authentication credentials.

Preuves de protocoles cryptographiques : méthodes symboliques et attaquants puissants. (Proofs of security protocols : symbolic methods and powerful attackers)

This Thesis strives to ease the process of formal, extensive, modular and machine-checked proofs in the case of cryptographic protocols and powerful attackers in the Computationally Complete Symbolic Attacker model.

FIDO2 With Two Displays - Or How to Protect Security-Critical Web Transactions Against Malware Attacks

A new paradigm to improve two-factor authentication that involves the concepts of one-out- of-two security and transaction authentication is proposed, which can protect security-critical transactions against manipulation, even if one of the factors is completely compromised.

A Forward-secure Efficient Two-factor Authentication Protocol

This work presents a 2FA protocol that requires a client to remember only a single secret value/PIN, does not involve any modular exponentiations, and is in a standard model and imposes up to 40% lower communication overhead than the state-of theart solutions do.

ESSM: Formal Analysis Framework for Protocol to Support Algebraic Operations and More Attack Capabilities

The extended strand space model (ESSM) framework is established to describe algebraic semantics, including the Abelian group and the XOR operation, and a threat model based on algebraic attacks, key-compromise impersonation attacks, and guess attacks.

Provable Security Analysis of FIDO2

The first provable security analysis of the new FIDO2 protocols is carried out and the adoption of the sPACA protocol is advocated as a substitute for CTAP2 for both stronger security and better performance.

MAC-in-the-Box: Verifying a Minimalistic Hardware Design for MAC Computation

It is formally verified, in the HOL4 theorem prover, that no outside observer can distinguish this device from an ideal functionality that provides only access to a hashing oracle.

Security Analysis and Bypass User Authentication Bound to Device of Windows Hello in the Wild

The results show that, on a hardware-unsupported device, the authentication data for Windows Hello is not properly protected, and this paper proposes a migration attack to compromise Windows Hello’s security.



Formal Modeling and Automatic Security Analysis of Two-Factor and Two-Channel Authentication Protocols

A formal model and mechanical security analysis of two protocols for two-factor and two-channel authentication for web applications that relies on the user’s mobile phone as a second authentication factor and the GSM/3G communication infrastructure as the second communication channel is provided.

Automated Analysis of Security Protocols with Global State

A process calculus which is a variant of the applied pi calculus with constructs for manipulation of a global state by processes running in parallel is proposed and it is shown that this language can be translated to MSR rules whilst preserving all security properties expressible in a dedicated first-order logic for security properties.

Modeling Human Errors in Security Protocols

It is shown how the Tamarin tool can be used to automatically analyze security protocols involving human errors, and provides a starting point for a fine-grained classification of security protocols from a usable-security perspective.

Formal Analysis of the FIDO 1.x Protocol

This paper presents a formal analysis of FIDO, a protocol that aims to provide either a passwordless experience or an extra security layer for user authentication over the Internet and shows that ignoring some optional steps of the standard could lead to the implementation of a flawed authentication process.

On the security of public key protocols

  • D. DolevA. Yao
  • Computer Science
    22nd Annual Symposium on Foundations of Computer Science (sfcs 1981)
  • 1981
Several models are formulated in which the security of protocols can be discussed precisely, and algorithms and characterizations that can be used to determine protocol security in these models are given.

A Complete Characterization of Secure Human-Server Communication

A general communication topology model is introduced to facilitate the analysis of security protocols in this setting and can serve to guide the design of novel solutions for applications and to quickly exclude proposals that cannot possibly offer secure communication.

The Applied Pi Calculus: Mobile Values, New Names, and Secure Communication

The applied pi calculus is defined, a simple, general extension of the pi calculus in which values can be formed from names via the application of built-in functions, subject to equations, and sent as messages.

On the Security of Public Key Protocols (Extended Abstract)

The goals of privacy and non-malleability are considered, each under chosen plaintext attack and two kinds of chosen ciphertext attack, and a new definition of non-Malleability is proposed which the author believes is simpler than the previous one.

Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif

  • B. Blanchet
  • Computer Science, Mathematics
    Found. Trends Priv. Secur.
  • 2016
This survey presents an overview of the research on ProVerif, an automatic symbolic protocol verifier that automatically translates this protocol description into Horn clauses and determines whether the desired security properties hold by resolution on these clauses.

Mobile values, new names, and secure communication

A simple, general extension of the pi calculus with value passing, primitive functions, and equations among terms is introduced, and semantics and proof techniques for this extended language are developed and applied in reasoning about some security protocols.