Formal Analysis of the FIDO 1.x Protocol
نویسندگان
چکیده
This paper presents a formal analysis of FIDO, a protocol developed by the FIDO Alliance project, and which aims to provide either a passwordless experience or an extra security layer for user authentication over the Internet. We model the protocol using the applied pi-calculus and run our analysis using ProVerif. Our analysis shows that ignoring some optional steps of the standard could lead to the implementation of a flawed authentication process. On the contrary, we prove that these steps are sufficient to ensure the expected security properties.
منابع مشابه
HYPERTRANSCENDENTAL FORMAL POWER SERIES OVER FIELDS OF POSITIVE CHARACTERISTIC
Let $K$ be a field of characteristic$p>0$, $K[[x]]$, the ring of formal power series over $ K$,$K((x))$, the quotient field of $ K[[x]]$, and $ K(x)$ the fieldof rational functions over $K$. We shall give somecharacterizations of an algebraic function $fin K((x))$ over $K$.Let $L$ be a field of characteristic zero. The power series $finL[[x]]$ is called differentially algebraic, if it satisfies...
متن کاملA Case Study in Verification Based on Trace Abstractions
In 14], we proposed a framework for the automatic veriica-tion of reactive systems. Our main tool is a decision procedure, Mona, for Monadic Second-order Logic (M2L) on nite strings. Mona translates a formula in M2L into a nite-state automaton. We show in 14] how traces, i.e. nite executions, and their abstractions can be described behaviorally. These state-less descriptions can be formulated i...
متن کاملGSLHA: Group-based Secure Lightweight Handover Authentication Protocol for M2M Communication
Machine to machine (M2M) communication, which is also known as machine type communication (MTC), is one of the most fascinating parts of mobile communication technology and also an important practical application of the Internet of Things. The main objective of this type of communication, is handling massive heterogeneous devices with low network overheads and high security guarantees. Hence, v...
متن کاملFIDO Security Reference
This document analyzes the FIDO security. The analysis is performed on the basis of the FIDO Universal Authentication Framework (UAF) specification and FIDO Universal 2nd Factor (U2F) specifications as of the date of this publication. Status of This Document This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of ...
متن کاملFORMAL BALLS IN FUZZY PARTIAL METRIC SPACES
In this paper, the poset $BX$ of formal balls is studied in fuzzy partial metric space $(X,p,*)$. We introduce the notion of layered complete fuzzy partial metric space and get that the poset $BX$ of formal balls is a dcpo if and only if $(X,p,*)$ is layered complete fuzzy partial metric space.
متن کامل