On the Role of Religion in the Decision to Migrate

Protocolos de segurança (e.g. Needham-Schroeder, IKE, IPSec, SSH, Kerberos, TLS) representam o alicerce das comunicações do mundo atual. Protocolos como o IKE e o TLS permitem a troca de chaves na internet e propriedades de segurança essenciais para as comunicações (e.g. confidencialidade, integridade e autenticidade). Um dos grandes desafios no projeto desses protocolos é garantir a sua própria segurança, ou seja, garantir que o protocolo seja livre de vulnerabilidades. Atualmente, existem algumas ferramentas desenvolvidas especificamente para a verificação formal automática de protocolos de comunicação e segurança, como a Scyther, CrytoVerif, Tamarin Prover e AVISPA. Entretanto, essas são ainda pouco conhecidas e utilizadas na prática por projetistas de protocolos. Este trabalho tem por objetivo contribuir no fechamento desta lacuna através da introdução e demonstração prática de utilização da ferramenta Scyther, projetada para auxiliar na verificação automática de protocolos de segurança.

show abstract

Verificação Automática dos Protocolos de Segurança Needham-Schroeder, WMF e CSA com a ferramenta Scyther

Jenuario¹,

Chervinski²,

Paz³

et al. 2020

View full text Add to dashboard Cite

Auth4App: Protocols for Identification and Authentication using Mobile Applications

Kreutz

Fernandes

Paz

et al. 2020

View full text Add to dashboard Cite

The increasing adoption of mobile applications as a means of user authentication is revealing new security challenges and opportunities. In order to modernize their physical identification and authorization procedures (e.g., access turnstile), some institutions have adopted static QR Codes generated using simple and static user data, such as some type of individual citizen national identification number. This procedure is easy to implement and verify, but it represents a critical security vulnerability. To address this issue, we propose Auth4App, a set of protocols for identification and authentication using mobile applications. Auth4App has two main protocols, one for binding user credentials to the mobile device (i.e., identification) and another one for generating one-time authentication codes (OTACs). Both protocols were formally verified using Scyther, an automated verification tool. Based on the automated analysis, our results show Auth4App protocols are robust enough and meet safe relevant criteria. Our prototype simulates access control using electronic turnstiles and was developed to present how our solution works and its deployment feasibility. The results show Auth4App enables accurate user authentication with a low computational cost.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Tadeu Jenuario

Verificação Automática de Protocolos de Segurança com a ferramenta Scyther

Verificação Automática dos Protocolos de Segurança Needham-Schroeder, WMF e CSA com a ferramenta Scyther

Auth4App: Protocols for Identification and Authentication using Mobile Applications

Contact Info

Product

Resources

About