{"id":"https://openalex.org/W3125712971","doi":"https://doi.org/10.1145/3440712","title":"An Extensive Formal Analysis of Multi-factor Authentication Protocols","display_name":"An Extensive Formal Analysis of Multi-factor Authentication Protocols","publication_year":2021,"publication_date":"2021-01-21","ids":{"openalex":"https://openalex.org/W3125712971","doi":"https://doi.org/10.1145/3440712","mag":"3125712971"},"language":"en","primary_location":{"id":"doi:10.1145/3440712","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3440712","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://inria.hal.science/hal-03468848","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5057561034","display_name":"Charlie Jacomme","orcid":"https://orcid.org/0009-0003-4465-3150"},"institutions":[{"id":"https://openalex.org/I1294671590","display_name":"Centre National de la Recherche Scientifique","ror":"https://ror.org/02feahw73","country_code":"FR","type":"government","lineage":["https://openalex.org/I1294671590"]},{"id":"https://openalex.org/I277688954","display_name":"Universit\u00e9 Paris-Saclay","ror":"https://ror.org/03xjwb503","country_code":"FR","type":"education","lineage":["https://openalex.org/I277688954"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Charlie Jacomme","raw_affiliation_strings":["LSV, CNRS, ENS, Paris-Saclay, Inria, and Universit\u00e9 Paris-Saclay"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"LSV, CNRS, ENS, Paris-Saclay, Inria, and Universit\u00e9 Paris-Saclay","institution_ids":["https://openalex.org/I277688954","https://openalex.org/I1294671590"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085316790","display_name":"Steve Kremer","orcid":"https://orcid.org/0009-0004-6946-0678"},"institutions":[{"id":"https://openalex.org/I4210121838","display_name":"Laboratoire Lorrain de Recherche en Informatique et ses Applications","ror":"https://ror.org/02vnf0c38","country_code":"FR","type":"facility","lineage":["https://openalex.org/I1294671590","https://openalex.org/I1294671590","https://openalex.org/I1326498283","https://openalex.org/I277688954","https://openalex.org/I4210107720","https://openalex.org/I4210121838","https://openalex.org/I4210159245","https://openalex.org/I90183372"]},{"id":"https://openalex.org/I90183372","display_name":"Universit\u00e9 de Lorraine","ror":"https://ror.org/04vfs2w97","country_code":"FR","type":"education","lineage":["https://openalex.org/I90183372"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Steve Kremer","raw_affiliation_strings":["LORIA, Inria Nancy-Grand Est, CNRS, and Universit\u00e9 de Lorraine","PESTO - Proof techniques for security protocols (France)"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"LORIA, Inria Nancy-Grand Est, CNRS, and Universit\u00e9 de Lorraine","institution_ids":["https://openalex.org/I90183372","https://openalex.org/I4210121838"]},{"raw_affiliation_string":"PESTO - Proof techniques for security protocols (France)","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":8.3068,"has_fulltext":false,"cited_by_count":45,"citation_normalized_percentile":{"value":0.97512857,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"24","issue":"2","first_page":"1","last_page":"34"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9782999753952026,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8473116755485535},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.603217601776123},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.5947501063346863},{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.5921120643615723},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5868225693702698},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5839783549308777},{"id":"https://openalex.org/keywords/authentication-protocol","display_name":"Authentication protocol","score":0.5281997323036194},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5201804637908936},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.49764254689216614},{"id":"https://openalex.org/keywords/cryptographic-protocol","display_name":"Cryptographic protocol","score":0.4683482050895691},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.22561851143836975}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8473116755485535},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.603217601776123},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.5947501063346863},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.5921120643615723},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5868225693702698},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5839783549308777},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.5281997323036194},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5201804637908936},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.49764254689216614},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.4683482050895691},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.22561851143836975},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3440712","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3440712","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},{"id":"pmh:oai:HAL:hal-03468848v1","is_oa":true,"landing_page_url":"https://inria.hal.science/hal-03468848","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ACM Transactions on Privacy and Security, 2021, 24 (2), pp.1-34. &#x27E8;10.1145/3440712&#x27E9;","raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"pmh:oai:HAL:hal-03468848v1","is_oa":true,"landing_page_url":"https://inria.hal.science/hal-03468848","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ACM Transactions on Privacy and Security, 2021, 24 (2), pp.1-34. &#x27E8;10.1145/3440712&#x27E9;","raw_type":"info:eu-repo/semantics/article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5099999904632568}],"awards":[{"id":"https://openalex.org/G2300704736","display_name":"Protocol Analysis - Combining Existing Tools","funder_award_id":"ANR-17-CE39-0004","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"}],"funders":[{"id":"https://openalex.org/F4320320883","display_name":"Agence Nationale de la Recherche","ror":"https://ror.org/00rbzpz17"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W1514304700","https://openalex.org/W1638508950","https://openalex.org/W1871241722","https://openalex.org/W1973054120","https://openalex.org/W2030112111","https://openalex.org/W2030988895","https://openalex.org/W2039875296","https://openalex.org/W2143504694","https://openalex.org/W2149929743","https://openalex.org/W2280151037","https://openalex.org/W2507474852","https://openalex.org/W2522035104","https://openalex.org/W2544274814","https://openalex.org/W2662464606","https://openalex.org/W2680793898","https://openalex.org/W2963311060","https://openalex.org/W3003983481"],"related_works":["https://openalex.org/W2097492617","https://openalex.org/W143386018","https://openalex.org/W2753240997","https://openalex.org/W1004582678","https://openalex.org/W1764168690","https://openalex.org/W2656445685","https://openalex.org/W2537959205","https://openalex.org/W2115218409","https://openalex.org/W2740895074","https://openalex.org/W2351645295"],"abstract_inverted_index":{"Passwords":[0],"are":[1,65,166,195],"still":[2],"the":[3,23,55,97,138,142,179,191],"most":[4],"widespread":[5],"means":[6],"for":[7,43,135,146],"authenticating":[8],"users,":[9],"even":[10,162],"though":[11,163],"they":[12],"have":[13],"been":[14],"shown":[15],"to":[16,185,197],"create":[17],"huge":[18],"security":[19,209],"problems.":[20],"This":[21],"motivated":[22],"use":[24],"of":[25,46,78,108,113,132,137,178,190,204],"additional":[26],"authentication":[27,32],"mechanisms":[28],"in":[29,49,96,160,168,210],"so-called":[30],"multi-factor":[31],"protocols.":[33,181],"In":[34],"this":[35,44,94],"article,":[36],"we":[37,58,156],"define":[38],"a":[39,169],"detailed":[40],"threat":[41,133,212],"model":[42,95,153],"kind":[45],"protocol:":[47],"While":[48],"classical":[50],"protocol":[51,148],"analysis":[52,105,124,173],"attackers":[53,81],"control":[54],"communication":[56],"network,":[57],"take":[59],"into":[60],"account":[61],"that":[62,70,80,86,194,207],"many":[63],"communications":[64],"performed":[66],"over":[67],"TLS":[68],"channels,":[69],"computers":[71],"may":[72,88],"be":[73],"infected":[74],"by":[75],"different":[76,180],"kinds":[77],"malware,":[79],"could":[82],"perform":[83,102],"phishing,":[84],"and":[85,101,106,116,140,154,176],"humans":[87],"omit":[89],"some":[90],"actions.":[91],"We":[92],"formalize":[93],"applied":[98],"pi":[99],"calculus":[100],"an":[103,202],"extensive":[104],"comparison":[107],"several":[109,187,211],"widely":[110],"used":[111],"protocols\u2014variants":[112],"Google":[114,205],"2-step":[115,206],"FIDO\u2019s":[117],"U2F":[118],"(Yubico\u2019s":[119],"Security":[120],"Key":[121],"token).":[122],"The":[123],"is":[125],"completely":[126],"automated,":[127],"generating":[128],"systematically":[129],"all":[130],"combinations":[131],"scenarios":[134],"each":[136],"protocols":[139,193],"using":[141],"P":[143],"ROVERIF":[144],"tool":[145],"automated":[147],"analysis.":[149],"To":[150],"validate":[151],"our":[152,164],"attacks,":[155],"demonstrate":[157],"their":[158],"feasibility":[159],"practice,":[161],"experiments":[165],"run":[167],"laboratory":[170],"environment.":[171],"Our":[172],"highlights":[174],"weaknesses":[175],"strengths":[177],"It":[182],"allows":[183],"us":[184],"suggest":[186],"small":[188],"modifications":[189],"existing":[192],"easy":[196],"implement,":[198],"as":[199,201],"well":[200],"extension":[203],"improves":[208],"scenarios.":[213]},"counts_by_year":[{"year":2026,"cited_by_count":6},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":9},{"year":2021,"cited_by_count":4}],"updated_date":"2026-07-02T09:51:11.867554","created_date":"2025-10-10T00:00:00"}
