Security Analysis of Multi-Factor Authentication Security Protocols
SINIGAGLIA, FEDERICO
2020
Abstract
Multi-Factor Authentication (MFA) is being increasingly adopted by online services in order to achieve an adequate level of security. MFA is based on security protocols, called MFA protocols, that integrate the use of credentials with additional identity proofs, called authentication factors (based on knowledge, possession or inherence). The authentication factors are provided through specific objects, called authenticators (e.g., a hardware token). To date, MFA has been widely adopted in the most diverse security-critical application scenarios (e.g., online banking, eHealth). Various solutions have been proposed, leveraging MFA protocols which employ different kinds of authenticators and provide different user experiences. When considering various MFA protocols, a few questions arise. How do MFA protocols differ in terms of (i) level of protection, (ii) compliance w.r.t. current regulations and (iii) complexity for the user? To answer the question concerning the level of protection, traditional verification techniques for security protocols require a formal specification of the protocol under analysis. However, several service providers employ ad-hoc MFA protocols and do not disclose their internals. In addition, classical attacker models, such as the Dolev-Yao adversary, hardly apply. Hence, new protocol modeling techniques and new attacker models should be investigated. Concerning regulations, public and private authorities have introduced directives and guidelines for the design of MFA protocols (e.g., the recommendations for online payment services from the European Banking Authority, and the NIST guidelines on digital identity management through MFA). In principle, these initiatives aim to guide the design of more secure and usable MFA protocols, but there is no evidence that the existing MFA protocols actually comply with the aforementioned regulations. Thus, a novel methodology is needed to provide such evidence.
Ease of use is a relevant aspect to be considered in the analysis of an MFA protocol. Indeed, the use of multiple authenticators in the execution of an MFA protocol can negatively affect the user experience, which can in turn affect its security. However, no existing research work has managed to measure the usability of a large number of MFA protocol designs. Hence, a methodology for evaluating the ease of use of an MFA protocol should be identified. In this work, we propose a framework to analyze MFA protocols that does not rely on implementation details and is able to assess (i) the level of protection, (ii) compliance w.r.t. current regulations and (iii) the complexity for the user. To this aim, we define a specification language which is compatible with the (amount of) information typically released publicly by service providers on the MFA protocols they employ. Concerning the security analysis, we propose an evaluation of MFA protocols in terms of resistance against a set of attacker models tailored to the specific case of MFA protocols. Concerning regulatory aspects and best practices, we include the possibility to evaluate a protocol in terms of compliance with a customizable set of requirements and best practices. Furthermore, concerning the ease of use of an MFA protocol, we propose a new metric, called complexity, for evaluating a protocol in terms of the effort a user is required to perform during its execution. The framework has then been implemented in a working tool, MuFASA, allowing (even non-expert) users to model an MFA protocol and automatically analyze it. Finally, the presented framework has been applied to some selected use cases. First, it has been employed in the early stages of the design of a novel MFA protocol, integrated into the Citizens' Clinical Record platform developed in the Trentino region (Italy).
Then, it has been used to perform a wide-ranging study of online banking services, allowing us to model and analyze more than 150 MFA protocols employed by banks all over the world.

File | Size | Format
---|---|---
phdunige_3346466.pdf (open access) | 3.91 MB | Adobe PDF
Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/20.500.14242/169354
URN:NBN:IT:UNIGE-169354