Title
AuthGuide: Analyzing Security, Privacy and Usability Trade-Offs in Multi-factor Authentication
Abstract
Multi-factor authentication (MFA) reduces the risk of compromised credentials. However, selecting, configuring and combining different authentication factors is a challenge for both security administrators and end-users, as the configuration possibilities are large and the implications of choices on security, privacy and usability are not always well understood. This concern is further aggravated when the security administrator grants the end-user some flexibility for the selection of authentication factors, or when the latter are combined in a risk-adaptive manner. In this work, we present AUTHGUIDE, an authentication knowledge and configuration framework that increases the awareness about these trade-offs. Additionally, it raises the level of abstraction to configure MFA for a given identity and access management (IAM) platform through a series of questions by mapping the responses onto the IAM's workflow of authentication steps for registration and login. We implemented AUTHGUIDE, validated it on top of the open source Keycloak IAM, and evaluated the effectiveness of our framework to analyze the security, privacy and usability trade-offs.
Year: 2021
DOI: 10.1007/978-3-030-86586-3_11
Venue: TRUST, PRIVACY AND SECURITY IN DIGITAL BUSINESS (TRUSTBUS 2021)
Keywords: Authentication, Security, Privacy, Usability
DocType: Conference
Volume: 12927
ISSN: 0302-9743
Citations: 0
PageRank: 0.34
References: 0
Authors: 3
Name              Order  Citations  PageRank
Davy Preuveneers  1      705        65.56
Sander Joos       2      0          0.34
Wouter Joosen     3      2898       287.70