Analyzing two-factor authentication devices

Mobile phones are expected to be used in various e-commerce applications, since they are handy and frequently used. Another important aspect is that mobile phones are approaching computers in both programmability and capacity. One example of a cutting-edge application is a generic authentication mechanism invented by a new Norwegian startup company: a mobile terminal is used as a password calculator that could potentially be used towards any Internet service provider. Yet security protocols in general, and authentication protocols in particular, are vulnerable to attacks. The current phishing attacks pose a major challenge to the trustworthiness of any kind of e-business, hence it is particularly important to address the phishing problem effectively. In this paper we investigate a new commercial protocol and analyze how the protocol (or, more accurately, a couple of protocols) can handle phishing attacks.
