skip to main content
research-article

An Extensive Formal Analysis of Multi-factor Authentication Protocols

Authors Info & Claims
Published:21 January 2021Publication History
Skip Abstract Section

Abstract

Passwords are still the most widespread means for authenticating users, even though they have been shown to create huge security problems. This motivated the use of additional authentication mechanisms in so-called multi-factor authentication protocols. In this article, we define a detailed threat model for this kind of protocol: While in classical protocol analysis attackers control the communication network, we take into account that many communications are performed over TLS channels, that computers may be infected by different kinds of malware, that attackers could perform phishing, and that humans may omit some actions. We formalize this model in the applied pi calculus and perform an extensive analysis and comparison of several widely used protocols—variants of Google 2-step and FIDO’s U2F (Yubico’s Security Key token). The analysis is completely automated, generating systematically all combinations of threat scenarios for each of the protocols and using the PROVERIF tool for automated protocol analysis. To validate our model and attacks, we demonstrate their feasibility in practice, even though our experiments are run in a laboratory environment. Our analysis highlights weaknesses and strengths of the different protocols. It allows us to suggest several small modifications of the existing protocols that are easy to implement, as well as an extension of Google 2-step that improves security in several threat scenarios.

References

  1. Martín Abadi, Bruno Blanchet, and Cédric Fournet. 2017. The applied Pi calculus: Mobile values, new names, and secure communication. J. ACM 65, 1, Article 1 (Oct. 2017), 41 pages. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Martín Abadi and Cédric Fournet. 2001. Mobile values, new names, and secure communication. In Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’01). ACM, New York, NY, 104--115. DOI:https://doi.org/10.1145/360204.360213 Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Alessandro Armando, Roberto Carbone, and Luca Zanetti. 2013. Formal modeling and automatic security analysis of two-factor and two-channel authentication protocols. In Proceedings of the Network and System Security: 7th International Conference (NSS’13), Javier Lopez, Xinyi Huang, and Ravi Sandhu (Eds.). Springer, Berlin, 728--734. DOI:https://doi.org/10.1007/978-3-642-38631-2_63Google ScholarGoogle ScholarCross RefCross Ref
  4. D. Basin, S. Radomirovic, and L. Schmid. 2016. Modeling human errors in security protocols. In Proceedings of the 2016 IEEE 29th Computer Security Foundations Symposium (CSF’16). 325--340. DOI:https://doi.org/10.1109/CSF.2016.30Google ScholarGoogle ScholarCross RefCross Ref
  5. David A. Basin, Sasa Radomirovic, and Michael Schläpfer. 2015. A complete characterization of secure human-server communication. In Proceedings of the IEEE 28th Computer Security Foundations Symposium (CSF’15). 199--213. DOI:https://doi.org/10.1109/CSF.2015.21 Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Vijay Bharadwaj, Hubert Le Van Gong, Dirk Balfanz, Alexei Czeskis, Arnar Birgisson, Jeff Hodges, Michael B. Jones, Rolf Lindemann, and J. C. Jones. 2017. Web Authentication: An API for Accessing Public Key Credentials. Retrieved from https://www.w3.org/TR/2017/WD-webauthn-20171205/.Google ScholarGoogle Scholar
  7. Bruno Blanchet. 2016. Modeling and verifying security protocols with the applied Pi calculus and ProVerif. Found. Trends Priv. Secur. 1, 1--2 (2016), 1--135. DOI:https://doi.org/10.1561/3300000004 Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, and Frank Stajano. 2012. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP’12). IEEE, 553--567. DOI:https://doi.org/10.1109/SP.2012.44 Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. D. Dolev and A. C. Yao. 1981. On the security of public key protocols. In Proceedings of the 22nd Symposium on Foundations of Computer Science (FOCS’81). IEEE, 350--357. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Daniel Fett, Ralf Küsters, and Guido Schmitz. 2014. An expressive model for the web infrastructure: Definition and application to the BrowserID SSO system. In Proceedings of the 35th IEEE Symposium on Security and Privacy (S8P’14). IEEE Computer Society, 673--688. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. FIDO. 2018. Universal 2nd Factor (U2F). Retrieved from https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/FIDO-U2F-COMPLETE-v1.2-ps-20170411.pdf.Google ScholarGoogle Scholar
  12. Google 2018. Google 2 Step Verification.Retrieved January 2018 from https://www.google.com/landing/2step/.Google ScholarGoogle Scholar
  13. Paul A. Grassi, James L. Fenton, Elaine M. Newton, Ray A. Perlner, Andrew R. Regenscheid, William E. Burr, Justin P. Richer, Naomi B. Lefkovitz, Jamie M. Danker, Kristen K. Choong, Yee-Yin Greene, and Mary F. Theofanos. 2017. NIST Special Publication 800-63B: Digital Identity Guidelines—Authentication and Lifecycle Management. Retrieved from https://doi.org/10.6028/NIST.SP.800-63b.Google ScholarGoogle Scholar
  14. Paul A. Grassi, Michael E. Garcia, and James L. Fenton. 2017. NIST Special Publication 800-63-3: Digital Identity Guidelines. Retrieved from https://doi.org/10.6028/NIST.SP.800-63-3.Google ScholarGoogle Scholar
  15. Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2018. Spectre Attacks: Exploiting Speculative Execution. Retrieved from https://spectreattack.com/spectre.pdf.Google ScholarGoogle Scholar
  16. Steve Kremer and Robert Künnemann. 2016. Automated analysis of security protocols with global state. J. Comput. Secur. 24, 5 (2016), 583--616. DOI:https://doi.org/10.3233/JCS-160556Google ScholarGoogle ScholarCross RefCross Ref
  17. Robert Künnemann and Graham Steel. 2013. YubiSecure? Formal Security Analysis Results for the Yubikey and YubiHSM. Springer, Berlin, 257--272. DOI:https://doi.org/10.1007/978-3-642-38004-4_17Google ScholarGoogle Scholar
  18. Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown. Retrieved from https://meltdownattack.com/meltdown.pdf.Google ScholarGoogle Scholar
  19. Robert Morris and Ken Thompson. 1979. Password security: A case history. Commun. ACM 22, 11 (1979), 594--597. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Olivier Pereira, Florentin Rochet, and Cyrille Wiedling. 2017. Formal analysis of the Fido 1.x protocol. In Proceedings of the 10th International Symposium on Foundations 8 Practice of Security,Lecture Notes in Computer Science. Springer.Google ScholarGoogle Scholar
  21. Andrey Popov, Magnus Nystrom, Dirk Balfanz, Adam Langley, Nick Harper, and Jeff Hodges. 2018. Token Binding over HTTP. Retrieved from draft-ietf-tokbind-https-12 and https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-https-12.Google ScholarGoogle Scholar
  22. Source files 2018. Proverif source files and scripts. https://gitlab.inria.fr/cjacomme/multi-factor-authentication-proverif-examples.Google ScholarGoogle Scholar
  23. G Suite team. 2017. G Suite updates. Retrieved from https://gsuiteupdates.googleblog.com/2017/02/improved-phone-prompts-for-2-step.html.Google ScholarGoogle Scholar
  24. Yubico 2018. FIDO Yubikey. Retrieved January 2018 from https://www.yubico.com/solutions/fido-u2f/.Google ScholarGoogle Scholar

Index Terms

  1. An Extensive Formal Analysis of Multi-factor Authentication Protocols

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      HTML Format

      View this article in HTML Format .

      View HTML Format
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!