{"id":"https://openalex.org/W4384519178","doi":"https://doi.org/10.1109/tdsc.2023.3296210","title":"An Automated Multi-Layered Methodology to Assist the Secure and Risk-Aware Design of Multi-Factor Authentication Protocols","display_name":"An Automated Multi-Layered Methodology to Assist the Secure and Risk-Aware Design of Multi-Factor Authentication Protocols","publication_year":2023,"publication_date":"2023-07-17","ids":{"openalex":"https://openalex.org/W4384519178","doi":"https://doi.org/10.1109/tdsc.2023.3296210"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2023.3296210","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tdsc.2023.3296210","pdf_url":"https://ieeexplore.ieee.org/ielx7/8858/4358699/10185059.pdf","source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://ieeexplore.ieee.org/ielx7/8858/4358699/10185059.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5043967288","display_name":"Marco Pernpruner","orcid":"https://orcid.org/0000-0001-8936-2726"},"institutions":[{"id":"https://openalex.org/I2277624104","display_name":"Fondazione Bruno Kessler","ror":"https://ror.org/01j33xk10","country_code":"IT","type":"facility","lineage":["https://openalex.org/I2277624104"]},{"id":"https://openalex.org/I83816512","display_name":"University of Genoa","ror":"https://ror.org/0107c5v14","country_code":"IT","type":"education","lineage":["https://openalex.org/I83816512"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Marco Pernpruner","raw_affiliation_strings":["Center for Cybersecurity, Fondazione Bruno Kessler, Trento, Italy","Department of Informatics, Bioengineering, Robotics and System Engineering, University of Genoa, Italy"],"raw_orcid":"https://orcid.org/0000-0001-8936-2726","affiliations":[{"raw_affiliation_string":"Center for Cybersecurity, Fondazione Bruno Kessler, Trento, Italy","institution_ids":["https://openalex.org/I2277624104"]},{"raw_affiliation_string":"Department of Informatics, Bioengineering, Robotics and System Engineering, University of Genoa, Italy","institution_ids":["https://openalex.org/I83816512"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002818742","display_name":"Roberto Carbone","orcid":"https://orcid.org/0000-0003-2853-4269"},"institutions":[{"id":"https://openalex.org/I2277624104","display_name":"Fondazione Bruno Kessler","ror":"https://ror.org/01j33xk10","country_code":"IT","type":"facility","lineage":["https://openalex.org/I2277624104"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Roberto Carbone","raw_affiliation_strings":["Center for Cybersecurity, Fondazione Bruno Kessler, Trento, Italy"],"raw_orcid":"https://orcid.org/0000-0003-2853-4269","affiliations":[{"raw_affiliation_string":"Center for Cybersecurity, Fondazione Bruno Kessler, Trento, Italy","institution_ids":["https://openalex.org/I2277624104"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075120451","display_name":"Giada Sciarretta","orcid":"https://orcid.org/0000-0001-7567-4526"},"institutions":[{"id":"https://openalex.org/I2277624104","display_name":"Fondazione Bruno Kessler","ror":"https://ror.org/01j33xk10","country_code":"IT","type":"facility","lineage":["https://openalex.org/I2277624104"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Giada Sciarretta","raw_affiliation_strings":["Center for Cybersecurity, Fondazione Bruno Kessler, Trento, Italy"],"raw_orcid":"https://orcid.org/0000-0001-7567-4526","affiliations":[{"raw_affiliation_string":"Center for Cybersecurity, Fondazione Bruno Kessler, Trento, Italy","institution_ids":["https://openalex.org/I2277624104"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047487115","display_name":"Silvio Ranise","orcid":"https://orcid.org/0000-0001-7269-9285"},"institutions":[{"id":"https://openalex.org/I193223587","display_name":"University of Trento","ror":"https://ror.org/05trd4x28","country_code":"IT","type":"education","lineage":["https://openalex.org/I193223587"]},{"id":"https://openalex.org/I2277624104","display_name":"Fondazione Bruno Kessler","ror":"https://ror.org/01j33xk10","country_code":"IT","type":"facility","lineage":["https://openalex.org/I2277624104"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Silvio Ranise","raw_affiliation_strings":["Center for Cybersecurity, Fondazione Bruno Kessler, Trento, Italy","Department of Mathematics, University of Trento, Italy"],"raw_orcid":"https://orcid.org/0000-0001-7269-9285","affiliations":[{"raw_affiliation_string":"Center for Cybersecurity, Fondazione Bruno Kessler, Trento, Italy","institution_ids":["https://openalex.org/I2277624104"]},{"raw_affiliation_string":"Department of Mathematics, University of Trento, Italy","institution_ids":["https://openalex.org/I193223587"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5043967288"],"corresponding_institution_ids":["https://openalex.org/I2277624104","https://openalex.org/I83816512"],"apc_list":null,"apc_paid":null,"fwci":0.787,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.73006018,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":"21","issue":"4","first_page":"1935","last_page":"1950"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.989300012588501,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.811206042766571},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7046849131584167},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.6254876852035522},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.6194636225700378},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.47636720538139343},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.45483607053756714},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.08667060732841492}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.811206042766571},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7046849131584167},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.6254876852035522},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.6194636225700378},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.47636720538139343},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.45483607053756714},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.08667060732841492},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/tdsc.2023.3296210","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tdsc.2023.3296210","pdf_url":"https://ieeexplore.ieee.org/ielx7/8858/4358699/10185059.pdf","source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},{"id":"pmh:oai:iris.unige.it:11567/1153115","is_oa":false,"landing_page_url":"https://hdl.handle.net/11567/1153115","pdf_url":null,"source":{"id":"https://openalex.org/S4377196291","display_name":"CINECA IRIS Institutial Research Information System (University of Genoa)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I83816512","host_organization_name":"University of Genoa","host_organization_lineage":["https://openalex.org/I83816512"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"},{"id":"pmh:oai:iris.unitn.it:11572/433471","is_oa":false,"landing_page_url":"https://hdl.handle.net/11572/433471","pdf_url":null,"source":{"id":"https://openalex.org/S4306401913","display_name":"Institutional Research Information System (Universit\u00e0 degli Studi di Trento)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I193223587","host_organization_name":"University of Trento","host_organization_lineage":["https://openalex.org/I193223587"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"doi:10.1109/tdsc.2023.3296210","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tdsc.2023.3296210","pdf_url":"https://ieeexplore.ieee.org/ielx7/8858/4358699/10185059.pdf","source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6899999976158142}],"awards":[],"funders":[{"id":"https://openalex.org/F4320322253","display_name":"Fondazione Bruno Kessler","ror":"https://ror.org/01j33xk10"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4384519178.pdf","grobid_xml":"https://content.openalex.org/works/W4384519178.grobid-xml"},"referenced_works_count":28,"referenced_works":["https://openalex.org/W146244851","https://openalex.org/W656475520","https://openalex.org/W1782799247","https://openalex.org/W1801505325","https://openalex.org/W2029693536","https://openalex.org/W2118278564","https://openalex.org/W2121845793","https://openalex.org/W2229250518","https://openalex.org/W2662464606","https://openalex.org/W2680793898","https://openalex.org/W2694711784","https://openalex.org/W2765559104","https://openalex.org/W2769200374","https://openalex.org/W2982620932","https://openalex.org/W3003760462","https://openalex.org/W3011602156","https://openalex.org/W3016054095","https://openalex.org/W3033229503","https://openalex.org/W3041813986","https://openalex.org/W3092208846","https://openalex.org/W3132951757","https://openalex.org/W3137615531","https://openalex.org/W3155734778","https://openalex.org/W4210861268","https://openalex.org/W4220982221","https://openalex.org/W4296831805","https://openalex.org/W4313406111","https://openalex.org/W6638433239"],"related_works":["https://openalex.org/W4389670110","https://openalex.org/W2187546663","https://openalex.org/W2429057255","https://openalex.org/W148745890","https://openalex.org/W2611942503","https://openalex.org/W2899790217","https://openalex.org/W1576092969","https://openalex.org/W4315621326","https://openalex.org/W2598865957","https://openalex.org/W2912135041"],"abstract_inverted_index":{"Authentication":[0],"protocols":[1,30],"represent":[2],"the":[3,24,40,66,70,72,75,84,92,118,126,153,159],"entry":[4],"point":[5],"to":[6,17,22,42,50,77,86,91,103,121,146],"online":[7],"services,":[8],"so":[9],"they":[10,115,124],"must":[11],"be":[12],"sturdily":[13],"designed":[14],"in":[15,48,107,152],"order":[16,49],"allow":[18],"only":[19],"authorized":[20],"users":[21],"access":[23],"underlying":[25],"data.":[26],"However,":[27],"designing":[28],"authentication":[29],"is":[31],"a":[32,132,147,156],"complex":[33],"process:":[34],"security":[35,80,105,119,128],"designers":[36,106],"should":[37],"carefully":[38],"select":[39,117],"technologies":[41],"involve":[43],"and":[44,83,164],"integrate":[45],"them":[46],"properly":[47],"prevent":[51],"potential":[52],"vulnerabilities.":[53],"In":[54],"addition,":[55],"these":[56],"choices":[57],"are":[58],"usually":[59],"restricted":[60],"by":[61,94,110],"further":[62],"factors,":[63],"such":[64],"as":[65],"requirements":[67],"associated":[68],"with":[69,158],"scenario,":[71],"regulatory":[73],"framework,":[74],"dimensions":[76],"balance":[78],"(e.g.,":[79],"vs.":[81],"usability),":[82],"standards":[85],"rely":[87],"on.":[88],"We":[89],"come":[90],"rescue":[93],"presenting":[95],"an":[96],"automated":[97],"multi-layered":[98],"methodology":[99,145],"we":[100,137,141],"have":[101,142],"developed":[102],"assist":[104],"this":[108],"phase:":[109],"repeatedly":[111],"evaluating":[112],"their":[113],"protocols,":[114],"can":[116],"mitigations":[120],"consider":[122],"until":[123],"reach":[125],"desired":[127],"level,":[129],"thus":[130],"enabling":[131],"security-by-design":[133],"approach.":[134],"For":[135],"concreteness,":[136],"also":[138],"show":[139],"how":[140],"applied":[143],"our":[144],"real":[148],"use":[149],"case":[150],"scenario":[151],"context":[154],"of":[155],"collaboration":[157],"Italian":[160],"Government":[161],"Printing":[162],"Office":[163],"Mint.":[165]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}