Authors: Roberto Van Eeden 1; Matteo Paier 1,2 and Marino Miculan 1,3

Affiliations: 1 University of Udine, Dept. of Mathematics, Computer Science and Physics, Italy; 2 IMT School for Advanced Studies, Lucca, Italy; 3 Ca’ Foscari University of Venice, Dept. of Environmental Sciences, Informatics and Statistics, Italy

Keyword(s): Formal Methods, Security Protocols, Digital Identity, Identity Management.

Abstract: We analyze the security of Level 2 multi-factor authentication (MFA) based on SMS One-Time Passcode (OTP) of Italian Electronic Identity Card (CIE). We propose a novel threat model encompassing password compromise, network disruptions, user errors, and malware attacks. The combinations of the adversary’s attack capabilities yield a plethora of possible attack scenarios, which we systematically generate, formalise and verify in ProVerif. Our analysis reveals that CIE MFA based on SMS OTP is vulnerable to attacks with read access to the mobile device or keyboard, or to phishing, but even to mere read access to the user’s computer screen. To address the latter vulnerability, we propose a minor modification of the protocol. The threat model we introduce paves the way for the analysis of other CIE MFA protocols.

CC BY-NC-ND 4.0

Paper citation in several formats:
Van Eeden, R.; Paier, M. and Miculan, M. (2024). A Formal Analysis of CIE Level 2 Multi-Factor Authentication via SMS OTP. In Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-709-2; ISSN 2184-7711, SciTePress, pages 483-491. DOI: 10.5220/0012768300003767

@conference{secrypt24,
author={Roberto {Van Eeden} and Matteo Paier and Marino Miculan},
title={A Formal Analysis of CIE Level 2 Multi-Factor Authentication via SMS OTP},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT},
year={2024},
pages={483-491},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012768300003767},
isbn={978-989-758-709-2},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT
TI - A Formal Analysis of CIE Level 2 Multi-Factor Authentication via SMS OTP
SN - 978-989-758-709-2
IS - 2184-7711
AU - Van Eeden, R.
AU - Paier, M.
AU - Miculan, M.
PY - 2024
SP - 483
EP - 491
DO - 10.5220/0012768300003767
PB - SciTePress