{"id":"https://openalex.org/W3033229503","doi":"https://doi.org/10.1145/3386685","title":"Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login","display_name":"Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login","publication_year":2020,"publication_date":"2020-06-06","ids":{"openalex":"https://openalex.org/W3033229503","doi":"https://doi.org/10.1145/3386685","mag":"3033229503"},"language":"en","primary_location":{"id":"doi:10.1145/3386685","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3386685","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://kclpure.kcl.ac.uk/ws/files/126039601/main_postreview_TR.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5075120451","display_name":"Giada Sciarretta","orcid":"https://orcid.org/0000-0001-7567-4526"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Giada Sciarretta","raw_affiliation_strings":["Security 8 Trust, FBK, Trento, Italia"],"affiliations":[{"raw_affiliation_string":"Security 8 Trust, FBK, Trento, Italia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002818742","display_name":"Roberto Carbone","orcid":"https://orcid.org/0000-0003-2853-4269"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Roberto Carbone","raw_affiliation_strings":["Security 8 Trust, FBK, Trento, Italia"],"affiliations":[{"raw_affiliation_string":"Security 8 Trust, FBK, Trento, Italia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047487115","display_name":"Silvio Ranise","orcid":"https://orcid.org/0000-0001-7269-9285"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Silvio Ranise","raw_affiliation_strings":["Security 8 Trust, FBK, Trento, Italia"],"affiliations":[{"raw_affiliation_string":"Security 8 Trust, FBK, Trento, Italia","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101515402","display_name":"Luca Vigan\u00f2","orcid":"https://orcid.org/0000-0001-9916-271X"},"institutions":[{"id":"https://openalex.org/I183935753","display_name":"King's College London","ror":"https://ror.org/0220mzb33","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I183935753"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Luca Vigan\u00f2","raw_affiliation_strings":["Department of Informatics, King\u2019s College London, London, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Department of Informatics, King\u2019s College London, London, United Kingdom","institution_ids":["https://openalex.org/I183935753"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5075120451"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.9464,"has_fulltext":true,"cited_by_count":12,"citation_normalized_percentile":{"value":0.8947516,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"23","issue":"3","first_page":"1","last_page":"37"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9585999846458435,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7730802297592163},{"id":"https://openalex.org/keywords/multi-factor-authentication","display_name":"Multi-factor authentication","score":0.6821812391281128},{"id":"https://openalex.org/keywords/login","display_name":"Login","score":0.6779029369354248},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.6753430366516113},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.6529133915901184},{"id":"https://openalex.org/keywords/single-sign-on","display_name":"Single sign-on","score":0.6352977752685547},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.605188250541687},{"id":"https://openalex.org/keywords/factor","display_name":"Factor (programming language)","score":0.5359507203102112},{"id":"https://openalex.org/keywords/sign","display_name":"Sign (mathematics)","score":0.5257253050804138},{"id":"https://openalex.org/keywords/authentication-protocol","display_name":"Authentication protocol","score":0.44514039158821106},{"id":"https://openalex.org/keywords/challenge\u2013response-authentication","display_name":"Challenge\u2013response authentication","score":0.41685783863067627},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.08875185251235962},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.06837877631187439}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7730802297592163},{"id":"https://openalex.org/C194699767","wikidata":"https://www.wikidata.org/wiki/Q7878662","display_name":"Multi-factor authentication","level":4,"score":0.6821812391281128},{"id":"https://openalex.org/C113324615","wikidata":"https://www.wikidata.org/wiki/Q472302","display_name":"Login","level":2,"score":0.6779029369354248},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.6753430366516113},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.6529133915901184},{"id":"https://openalex.org/C2776362682","wikidata":"https://www.wikidata.org/wiki/Q568494","display_name":"Single sign-on","level":3,"score":0.6352977752685547},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.605188250541687},{"id":"https://openalex.org/C2781039887","wikidata":"https://www.wikidata.org/wiki/Q1391724","display_name":"Factor (programming language)","level":2,"score":0.5359507203102112},{"id":"https://openalex.org/C139676723","wikidata":"https://www.wikidata.org/wiki/Q1193832","display_name":"Sign (mathematics)","level":2,"score":0.5257253050804138},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.44514039158821106},{"id":"https://openalex.org/C131129157","wikidata":"https://www.wikidata.org/wiki/Q1059963","display_name":"Challenge\u2013response authentication","level":4,"score":0.41685783863067627},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.08875185251235962},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.06837877631187439},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3386685","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3386685","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},{"id":"pmh:oai:kclpure.kcl.ac.uk:publications/ab908b96-58df-4741-a3e3-fd07c8fc91cd","is_oa":true,"landing_page_url":"https://kclpure.kcl.ac.uk/portal/en/publications/ab908b96-58df-4741-a3e3-fd07c8fc91cd","pdf_url":"https://kclpure.kcl.ac.uk/ws/files/126039601/main_postreview_TR.pdf","source":{"id":"https://openalex.org/S4306400216","display_name":"Research Portal (King's College London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I183935753","host_organization_name":"King's College London","host_organization_lineage":["https://openalex.org/I183935753"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Sciarretta, G, Carbone, R, Ranise, S & Vigan\u00f2, L 2020, 'Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login', ACM Transactions on Privacy and Security, vol. 23, no. 3, pp. 1-37. https://doi.org/10.1145/3386685","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:iris.unitn.it:11572/333282","is_oa":false,"landing_page_url":"http://hdl.handle.net/11572/333282","pdf_url":null,"source":{"id":"https://openalex.org/S4377196320","display_name":"Iris (University of Trento)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I193223587","host_organization_name":"University of Trento","host_organization_lineage":["https://openalex.org/I193223587"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"pmh:oai:kclpure.kcl.ac.uk:publications/ab908b96-58df-4741-a3e3-fd07c8fc91cd","is_oa":true,"landing_page_url":"https://kclpure.kcl.ac.uk/portal/en/publications/ab908b96-58df-4741-a3e3-fd07c8fc91cd","pdf_url":"https://kclpure.kcl.ac.uk/ws/files/126039601/main_postreview_TR.pdf","source":{"id":"https://openalex.org/S4306400216","display_name":"Research Portal (King's College London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I183935753","host_organization_name":"King's College London","host_organization_lineage":["https://openalex.org/I183935753"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Sciarretta, G, Carbone, R, Ranise, S & Vigan\u00f2, L 2020, 'Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login', ACM Transactions on Privacy and Security, vol. 23, no. 3, pp. 1-37. https://doi.org/10.1145/3386685","raw_type":"info:eu-repo/semantics/publishedVersion"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3033229503.pdf","grobid_xml":"https://content.openalex.org/works/W3033229503.grobid-xml"},"referenced_works_count":40,"referenced_works":["https://openalex.org/W2508546","https://openalex.org/W146244851","https://openalex.org/W656475520","https://openalex.org/W1541087836","https://openalex.org/W1638508950","https://openalex.org/W1782799247","https://openalex.org/W1795549172","https://openalex.org/W2012921353","https://openalex.org/W2023040061","https://openalex.org/W2029693536","https://openalex.org/W2058664481","https://openalex.org/W2081830543","https://openalex.org/W2089775132","https://openalex.org/W2112995928","https://openalex.org/W2113446256","https://openalex.org/W2121845793","https://openalex.org/W2133723082","https://openalex.org/W2166327763","https://openalex.org/W2229250518","https://openalex.org/W2240768446","https://openalex.org/W2254700249","https://openalex.org/W2257242910","https://openalex.org/W2394577424","https://openalex.org/W2401875268","https://openalex.org/W2575458798","https://openalex.org/W2610531627","https://openalex.org/W2662464606","https://openalex.org/W2680793898","https://openalex.org/W2782989397","https://openalex.org/W2787947285","https://openalex.org/W2798249656","https://openalex.org/W2803681306","https://openalex.org/W2885841050","https://openalex.org/W2962768977","https://openalex.org/W2978193706","https://openalex.org/W3004890695","https://openalex.org/W4212851301","https://openalex.org/W4231939455","https://openalex.org/W4245024404","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W2050433615","https://openalex.org/W128488073","https://openalex.org/W2093798919","https://openalex.org/W2907262898","https://openalex.org/W2135836328","https://openalex.org/W3022695109","https://openalex.org/W3101929529","https://openalex.org/W2911390896","https://openalex.org/W2393298610","https://openalex.org/W3193848718"],"abstract_inverted_index":{"Over":[0],"the":[1,13,90,99,113,124,136,143,161,166,177,181,194],"last":[2],"few":[3],"years,":[4],"there":[5],"has":[6],"been":[7,73],"an":[8,189],"almost":[9],"exponential":[10],"increase":[11],"in":[12],"number":[14],"of":[15,56,89,115,126,138,145,156,180,197],"mobile":[16],"applications":[17,25,121],"that":[18,49,170],"deal":[19],"with":[20,32],"sensitive":[21,33],"data,":[22,34],"such":[23],"as":[24],"for":[26,119,193],"e-commerce":[27],"or":[28,52,76],"health.":[29],"When":[30],"dealing":[31],"classical":[35],"authentication":[36,47,54,92,200],"solutions":[37,48,65,101],"based":[38,122],"on":[39,123],"username-password":[40],"pairs":[41],"are":[42,59,66,135],"not":[43],"enough,":[44],"and":[45,80,85,104,142,160,164,187],"multi-factor":[46,91,199],"combine":[50],"two":[51,116,127,182],"more":[53],"factors":[55],"different":[57,100,198],"categories":[58],"required":[60],"instead.":[61],"Even":[62],"if":[63],"several":[64],"currently":[67],"used,":[68],"their":[69],"security":[70,162,168,178],"analyses":[71],"have":[72],"performed":[74],"informally":[75],"semiformally":[77],"at":[78],"best,":[79],"without":[81],"a":[82,86,96,146,153],"reference":[83,117,183],"model":[84,159],"precise":[87],"definition":[88],"property.":[93],"This":[94],"makes":[95],"comparison":[97],"among":[98],"both":[102],"complex":[103],"potentially":[105],"misleading.":[106],"In":[107],"this":[108],"article,":[109],"we":[110,151,171,185],"first":[111],"present":[112],"design":[114],"models":[118,184],"native":[120],"requirements":[125],"real-world":[128],"use-case":[129],"scenarios.":[130],"Common":[131],"features":[132],"between":[133],"them":[134],"use":[137],"one-time":[139],"password":[140],"approaches":[141],"support":[144],"single":[147],"sign-on":[148],"experience.":[149],"Then,":[150],"provide":[152],"formal":[154,174,195],"specification":[155],"our":[157],"threat":[158],"goals,":[163],"discuss":[165],"automated":[167],"analysis":[169,175,196],"performed.":[172],"Our":[173],"validates":[176],"goals":[179],"propose":[186],"provides":[188],"important":[190],"building":[191],"block":[192],"solutions.":[201]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}