Abstract | ||
---|---|---|
This work introduces Passphone, a new smartphone-based authentication scheme that outsources user verification to a trusted third party without sacrificing privacy: neither can the trusted third party learn the relation between users and service providers, nor can service providers learn those of their users to others. When employed as a second factor in conjunction with, for instance, passwords as a first factor, our scheme maximizes the deployability of two-factor authentication for service providers while maintaining user privacy. We conduct a twofold formal analysis of our scheme, the first regarding its general security, and the second regarding anonymity and unlinkability of its users. Moreover, we provide an automatic analysis using AVISPA, a comparative evaluation to existing schemes under Bonneau et al.' s framework, and an evaluation of a prototypical implementation. |
Year | DOI | Venue |
---|---|---|
2017 | 10.1007/978-3-319-47560-8_15 | Lecture Notes in Computer Science |
DocType | Volume | ISSN |
Journal | 10014 | 0302-9743 |
Citations | PageRank | References |
0 | 0.34 | 19 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Martin Potthast | 1 | 871 | 87.94 |
Christian Forler | 2 | 144 | 12.56 |
Eik List | 3 | 111 | 13.70 |
Stefan Lucks | 4 | 1083 | 108.87 |