IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 21, NO.
4, JULY/AUGUST 2024 1935
An Automated Multi-Layered Methodology to Assist
the Secure and Risk-Aware Design of Multi-Factor
Authentication Protocols
Marco Pernpruner , Roberto Carbone , Giada Sciarretta , and Silvio Ranise
Abstract—Authentication protocols represent the entry point
to online services, so they must be sturdily designed in order to
allow only authorized users to access the underlying data. However,
designing authentication protocols is a complex process: security
designers should carefully select the technologies to involve and
integrate them properly in order to prevent potential vulnerabil-
ities. In addition, these choices are usually restricted by further
factors, such as the requirements associated with the scenario, the
regulatory framework, the dimensions to balance (e.g., security vs.
usability), and the standards to rely on. We come to the rescue
by presenting an automated multi-layered methodology we have
developed to assist security designers in this phase: by repeatedly
evaluating their protocols, they can select the security mitigations
to consider until they reach the desired security level, thus enabling
a security-by-design approach. For concreteness, we also show how
we have applied our methodology to a real use case scenario in the
context of a collaboration with the Italian Government Printing
Office and Mint.
Index Terms—Authentication, risk analysis, security analysis,
security methodology.
I. INTRODUCTION
HE National Institute of Standards and Technology (NIST)
T defines authentication protocols as «a defined sequence of
messages between a claimant and a verifier that demonstrates
that the claimant has possession and control of one or more valid
authenticators to establish their identity» [1]. Authenticators rep-
resent the core elements within the authentication procedures,
and can attest one or more authentication factors: something
that the claimant knows (knowledge factors), owns (ownership
factors), or is (inherence factors).
Manuscript received 19 October 2022; revised 20 April 2023; accepted 26
June 2023. Date of publication 17 July 2023; date of current version 11 July
2024. This work was supported by Futuro & Conoscenza Srl, jointly created
by Fondazione Bruno Kessler (FBK) and Poligrafico e Zecca dello Stato Ital-
iano (IPZS, the Italian Government Printing Office and Mint). (Corresponding
author: Marco Pernpruner.)
Marco Pernpruner is with the Center for Cybersecurity, Fondazione Bruno
Kessler, 38123 Trento, Italy, and also with the Department of Informatics,
Bioengineering, Robotics and System Engineering, University of Genoa, 16146
Genoa, Italy (e-mail: [email protected]).
Roberto Carbone and Giada Sciarretta are with the Center for Cybersecu-
rity, Fondazione Bruno Kessler, 38123 Trento, Italy (e-mail: [email protected];
[email protected]).
Silvio Ranise is with the Center for Cybersecurity, Fondazione Bruno Kessler,
38123 Trento, Italy, and also with the Department of Mathematics, University
of Trento, 38123 Trento, Italy (e-mail: [email protected]).
Digital Object Identifier 10.1109/TDSC.2023.3296210
© 2023 The Authors. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see
https://creativecommons.org/licenses/by/4.0/
Considering that authentication potentially allows to access
sensitive information and perform restricted operations, mali-
cious agents frequently target this phase: in the first quarter of
2022, almost 113 million attacks have been performed against
multi-factor authentication systems, with the main objectives
being staffing/recruiting (4.45%), public (3.99%), and financial
(3.86%) services [2]. This trend is confirmed when we focus
on financial services: 80% of the organizations have suffered
from at least one cyber breach due to authentication weaknesses,
and 95% of total breaches could be presumedly ascribable to
credential misuse or authentication vulnerabilities [3].
Given the considerable number of attacks, authentication
protocols should be designed in order to be sufficiently resistant
and guarantee a significant level of security. However, designing
security protocols is not trivial: first of all, security designers
need to understand the scenario in which the authentication
protocol is deployed, as it usually imposes some constraints
regarding the environment and/or the legal framework to comply
with. Then, many other choices have to be made: the proper
balance between different dimensions (e.g., usability and pri-
vacy), the standards to rely on, and the authenticators to use in
the protocol, which must be properly configured and integrated
between each other without exposing the protocol to vulner-
abilities. During the process, security designers usually need
to analyse the security of several configurations of the system
to identify the most appropriate one. However, performing a
manual analysis of each configuration would lead to greater
efforts, longer development lifecycles and a higher probability of
missing some vulnerabilities [4], [5]. Automated techniques can
greatly support the analysis process of authentication protocols
due to their reliance on advanced methods such as model check-
ers, which can turn the security analysis into large satisfiability
problems [6]. As a consequence, these techniques are fundamen-
tal in detecting complex, uncovered vulnerabilities that affected
common security protocols [7]. Unfortunately, such techniques
are computationally very intensive as they suffer the state space
explosion problem and may be difficult to exploit to quickly
evaluate alternative configurations of a design.
To alleviate this problem and allow the usage of formal
techniques during the design phase, we have developed a multi-
layered methodology that supports security experts in the design
of authentication protocols, thus fostering a security-by-design
approach. Our methodology can be repeatedly employed as an
oracle in the design process, with security designers giving in
1936 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 21, NO. 4, JULY/AUGUST 2024
Fig. 1. Graphical representation of our methodology.
input different configurations of the protocols until they reach
the desired security level. The multiple layers allow to satisfy
some requirements that we have identified from our experience
in protocol design and analysis: (i) Efficiency, to support security
experts in reasonable time; (ii) Classification, to understand the
riskiness of the successful attackers. In particular, the combi-
natorial analysis performs a fast, yet incomplete, high-level
analysis to reduce the number of invocations of the symbolic
analysis, which relies on formal frameworks and is connected
with a higher computational complexity; this complies with the
first requirement. Finally, to meet the second requirement, the
risk analysis complements the list of attackers that are able to
violate the protocols with the related risk, to understand which
of them represent the most relevant threats.
For the sake of concreteness, we also show how we have
applied our methodology to a real use case scenario: an au-
thentication procedure based on QR codes and electronic doc-
uments that currently represents one of the main authentica-
tion procedures to access Italian Public Administration’s online
services. This activity has been performed in the context of a
long-standing collaboration with Poligrafico e Zecca dello Stato
Italiano (IPZS, the Italian Government Printing Office and Mint)
and has allowed them to gradually refine the protocol until they
reached the desired trade-off between security and usability.
A. Structure of the Paper
Section II describes the methodology that we have developed
to support the design of authentication solutions. Section III
introduces a concrete authentication protocol that we use as
a practical example. Section IV shows the application of the
methodology to the use case scenario. Section V identifies
and discusses the role of security mitigations along with their
implications from security and usability perspectives. Section VI
presents related works. Section VII draws some conclusions and
hints future works.
II. SECURITY ANALYSIS METHODOLOGY
To support the design of authentication protocols, we have
developed a methodology – displayed in Fig. 1 – that aims at
detecting all the (combinations of) attackers A1 that are able to
1 It is worth underlining that A can represent either single attackers or combi-
nations of attackers: in the first case, attackers are successful by relying on their
violate the security goal G:
A = {A ⊆ T M | MP , μ (A) |= G} ()
with the following specifications required as input:
r a model of the protocol (MP ) derived from the Message
Sequence Chart (MSC, in blue), a detailed representation
of the protocol to be analysed from which we can extract
the authentication factors used, the entities, their initial
knowledge, the messages they exchange, the communica-
tion channels used, and the security assumptions;
r a model of the attackers (MA ) obtained by using a list of
potential attackers (i.e., a threat model T M) equipped with
a set of capabilities (in orange). In Section IV-B, we provide
a reference model that can be extended by a security
expert according to the needs. This model takes inspiration
from the Authenticator Threats introduced by NIST [8].
To formalise the capabilities of a specific attacker, we
introduce a function μ : T M → MA , which takes in input
an attacker A ∈ T M and returns the specification of the
corresponding capabilities from the model of the attackers
MA .
In case of authentication protocols, G represents the fact that
the intended service (called Service Provider) must authenticate
the user with a given level of assurance, which is specified by
the service itself depending on many factors.
From our experience in the design and analysis of authenti-
cation protocols, we have identified the following requirements
that our methodology should meet:
R1. Efficiency: the methodology should be efficient enough
to allow security experts to promply obtain results during
the design of authentication protocols;
R2. Classification: the methodology should provide a clear
classification of the successful attackers to allow security
designers to understand the related risk.
For this reason, we have structured our methodology in
multiple layers: combinatorial analysis, symbolic analysis, and
risk analysis; this way, we can enable security designers to
make informed decisions while maintaining the cost of invoking
automated security analysis techniques at a reasonable level. In
own capabilities; in the second case, they need to collude and combine their
capabilities. For readability, single attackers A = {a} can be denoted as {a} or
a; combinations of attackers A = {a1 , . . . , an } can be denoted as {a1 , . . . , an }
or a1 +· · · +an .
PERNPRUNER et al.: AUTOMATED MULTI-LAYERED METHODOLOGY TO ASSIST THE SECURE AND RISK-AWARE DESIGN
particular, the combinatorial layer requires high-level specifica-
tions and performs a fast, yet incomplete, analysis whose role is
to reduce the number of attackers to test in the following layer –
which is more computationally expensive – and comply with R1.
To provide complete results, the second layer is represented by
the symbolic analysis, which relies on advanced frameworks
requiring formal specifications with cryptographic details; this
analysis suffers from the well-known state space explosion prob-
lem that is common to several state-based techniques [9]. Finally,
the risk analysis collects the results of the previous analyses and
complements them with a risk assessment that provides a basis
to plan the mitigations, thus complying with R2.
A. Combinatorial Analysis
The first layer of our methodology aims at finding:
 
AC = AC ⊆ T M | MPC , μC (AC ) |=C GC (C )
with
μ C : T M → MA C
This is achieved through a high-level analysis based on au-
thentication factors: GC holds when attackers are not able to
compromise all the authentication factors involved in the pro-
tocol. In fact, attackers who compromise all the authentication
factors cause a violation of the whole protocol, and are reported
by the combinatorial analysis. In this context, MPC represents
the list of authentication factors involved in the protocol (inferred
from the MSC), while MAC represents the attackers’ capabilities
in terms of compromised authentication factors: we can consider
them as a table where rows represent attackers and columns rep-
resent authentication factors: each pair (a, af ) specifies whether
attacker a is able or not to compromise the authentication factor
af . We may also use the notation a af , where af can be a
compromised authentication factor or ∅ in case the attacker a
has no effect on the protocol.
In particular, AC is reported by the combinatorial analysis
(and thus is a solution of (C )) iff for each authentication
factor af ∈ MPC there exists an attacker a ∈ AC so that a
af . These attackers, resulting from an explicit violation of the
authentication factors, are called explicit.
Example 1. Let us consider an authentication protocol in
which users need to insert a password and scan a QR code
through an application on their smartphone (on which they must
already be authenticated). The protocol is composed of two
authentication factors: the password (i.e., a knowledge factor)
and the smartphone (i.e., an ownership factor). Let us consider
two attackers: thieves, who physically steal devices, and social
engineers, who deceive people into performing operations or re-
vealing secrets; therefore, T M = {T hief, Social Engineer}.
Thieves manage to steal the smartphone, but they do not know
the password, so they cannot compromise the protocol. Social
engineers manage to know the password, but they do not possess
the smartphone, so they cannot compromise the protocol. The
only way they have to compromise the protocol is by combining
their capabilities: together, they can both know the password
1937
TABLE I
ATTACKERS’ CAPABILITIES (MAC ) IN EXAMPLE 1
and possess the smartphone, thus violating the protocol (all the
padlocks are open in Table I).
Following Example 1, once we detect Thief + Social Engineer
as successful, any wider combination involving these attackers
would be trivially successful too, as attackers colluding together
result in an enrichment of the original capabilities. As a conse-
quence, to avoid redundancy, we only consider minimum sets
of attackers throughout our analyses: when a set of attackers
is detected as successful, we never consider any larger combi-
nation involving the already detected attacker. Formally, given
a non-empty set AC ∈ AC , no combination AC   AC will be
considered.
Given a successful violation, we observe that the following
two properties hold for the combinatorial analysis:
r it never reports false positives, meaning that the attackers
detected by the analysis do manage to violate the secu-
rity goal. Therefore, the combinatorial analysis is sound
w.r.t. (C );
r it may miss some advanced attacks yielding to false nega-
tives, thus it is incomplete w.r.t. (C ).
These properties allow us to (dramatically) reduce the number
of invocations of the precise and resource-intensive security
analysis in the next layer.
B. Symbolic Analysis
From the combinatorial analysis, we obtain the list of all the
explicit attackers violating the protocol (AC ). As a second layer
of our methodology, we rely on the symbolic analysis that aims
at finding:
AS = {AS ⊆ T M \ AC | MPS , μS (AS ) |=S GS } (S )
with
μ S : T M → MA S
The symbolic analysis can also discover complex attacks
where the attackers do not need to compromise all the authentica-
tion factors to violate the protocol, as they deceive the victim into
implicitly compromising the remaining factors on their behalf;
we have defined them as implicit attacks [10].
Example 2. Let us consider the protocol in Example 1. Social
engineers could launch an authentication request, insert the
user’s password (which they do know), and send the QR code to
the user, claiming that she might win a cruise by scanning it. As a
consequence, although they cannot explicitly compromise all the
authentication factors involved (they cannot possess the user’s
1938 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 21, NO. 4, JULY/AUGUST 2024
smartphone, as per Table I), they anyway manage to implicitly
compromise them as soon as the user scans the QR code.
By relying on the soundness of the combinatorial analysis,
we employ the symbolic analysis only to evaluate the attackers
who have not been detected by the combinatorial analysis (i.e.,
T M \ AC ); for this reason, the combinatorial analysis shares
the list of successful explicit attackers.
Given our expertise and past experience, for the symbolic
analysis we have chosen to leverage ASLan++ [11] – the spec-
ification language of the AVANTSSAR Platform [6] – in combi-
nation with SATMC [9] – a model checker for security protocols
relying on advanced SAT solvers. Anyway, the protocol could
also be modelled in different formal specification languages
and given in input to other model checkers (e.g., ProVerif [12]
or Tamarin [13]). With respect to the combinatorial analysis,
here the inputs described in Section II have to be expressed in
more refined specifications based on ASLan++. As a conse-
quence, MPS does not represent just the authentication factors
involved in the protocol, but consists in a refined model of
the messages exchanged by the entities. GS is modelled by
specifying the security properties that must hold on the channel
that gets established between the user and the Service Provider.
Moreover, while MAC was specified in terms of compromised
authentication factors, MAS is modelled in terms of channels’
properties that get violated and knowledge that is acquired dur-
ing the protocol. The Dolev-Yao model (MDY ) [14] supported
in SATMC can thus be extended by specifying custom attackers
with additional capabilities (e.g., those belonging to our threat
model), so that MAS = (MDY  MA∗ S ).
Example 3. From Example 2, social engineers can threaten
the confidentiality between the user and the mobile application
(and viceversa), as they can deceive the user into revealing
whichever value she inserts in (or reads from) the application.
Moreover, they can compromise the authenticity between the
browser and the user, as the QR code that she scans would not
really come from the browser (even though the user may think
so).
Once the model checker receives MPS and MAS , it verifies
that they satisfy the security goal, reporting details about the
attack in case a violation is found. We observe that the symbolic
analysis is both sound and complete with respect to (S ) under
suitable assumptions.
C. Risk Analysis
At the end of the combinatorial and symbolic analyses, a
list of explicit (AC ) and implicit (AS ) attackers is generated
and shared with the risk analysis layer, which evaluates the
risks of each attacker as a combination between the likelihood
and impact, according to some factors. Let ρL and ρI be two
functions that, given an attacker in T M, return tuples containing
parameters that once combined together yield the likelihood
or impact values, respectively; these values are defined by the
security expert for each single attacker. Moreover, let R be
a function that computes the risk, by suitably combining the
likelihood and impact. Although different methodologies can
be used, we rely on an extended version of the OWASP Risk
Rating Methodology [15]: R computes the overall likelihood
and impact by computing the average of the values returned by
ρL and ρI , respectively; each of them is then assigned a label
(Low, Medium, High). Finally, the likelihood and impact labels
are combined according to a risk matrix (described in [15]) to
obtain the overall risk.
Below, for concreteness, we consider that ρL returns five
factors and ρI four factors, as specified in Table II. We ob-
serve that the following discussion can be easily adapted to
other methodologies considering different tuples of factors to
characterise likelihood (ρL ) and impact (ρI ).
Depending on the considered attacker A, we now distinguish
two cases: A is a single attacker, i.e., |A| = 1; or A is a combi-
nation of attackers, i.e., |A| > 1.
1) Single Attacker (A = {a}): Given the set of factors that
we have adopted:
ρL (A) = ρL (a) = vTa D , vOa , vAV
a
, vUa I , vSA
a
a a a a
ρI (A) = ρI (a) = vLSP , vAS , vAD , vAP
where vfa = [0, 9] corresponds to the value assigned to the factor
f for the attacker a.
Finally, the risk can be computed by combining the likelihood
and impact through a suitable function R:
Risk (A) = Risk(a) = R (ρL (a), ρI (a))
2) Combination of Attackers: (A = {a1 , . . . , an }): When
considering a combination of attackers, each ak ∈ A (with
k = 1, . . . , n) is associated with a set of likelihood and impact
values:
ρL (ak ) = vTakD , vOak , vAV
ak
, vUakI , vSA
ak
ak a1 ak ak
ρI (ak ) = vLSP , vAS , vAD , vAP
As a consequence, for each likelihood and impact factor,
we have n values. We now explain how to derive a single
tuple for likelihood and one for impact from the n available
tuples, respectively, so to apply the function R to derive the risk
value. For this, we define a function C taking as input n values
belonging to a given factor f :
 
VfA = C vfa1 , . . . , vfan
With respect to the case of the single attacker, the functions
ρL and ρI have to be redefined accordingly:
ρL (A) = VTAD , VOA , VAV
A
, VUAI , VSA
A
A A A A
ρI (A) = VLSP , VAS , VAD , VAP
Finally, the risk can be computed as follows:
Risk (A) = R (ρL (A) , ρI (A))
In our analysis, we have defined C as follows:
r In general, we consider the minimum between all the
values for the considered factor. For instance, a combi-
nation of a physical thief (which must act physically, thus
vAV = 1) and a remote malware (which can act remotely,
thus vAV = 9) needs a physical intervention anyway, hence
PERNPRUNER et al.: AUTOMATED MULTI-LAYERED METHODOLOGY TO ASSIST THE SECURE AND RISK-AWARE DESIGN 1939

TABLE II
FACTORS CONSIDERED FOR THE RISK ANALYSIS

the former value will be considered. Considering f ∈ of the attack. However, this consideration only applies
{T D, AV, U I, LSP, AS, AP }: when more than a single device is stolen. Therefore, given
    a combination of attackers that manage to physically steal
C vfa1 , . . . , vfan = min vfa1 , . . . , vfan k devices:
r Beyond the previous consideration, when considering  a an

C vAD1
, . . . , vAD
some particular factors such as the Opportunity and the
 a1 an
Spread of Attack, the likelihood decreases as the number of min vAD , . . . , vAD if k = 0
attackers involved n increases. Considering f ∈ {O, SA}: = a1 an
min vAD , . . . , vAD − (k − 1) if k ≥ 1
   
C vfa1 , . . . , vfan = min vfa1 , . . . , vfan − (n − 1) Remind that, in any case, values range from 0 to 9.
r In addition, we can distinguish two classes of attackers:
physical and remote (according to how they perform the D. Relationship Between the Analyses
attack). When attackers from both the classes are involved
in a combination, they need not only to perform physical Our methodology involves two different layers for the security
operations, but also to act remotely on the same user’s analysis (i.e., the combinatorial and symbolic analyses), which
devices, thus further reducing both the Opportunity and aim at identifying the explicit and implicit attackers that are able
the Spread of Attack. Considering f ∈ {O, SA}: to compromise the considered protocol. The list of successful
    attackers is then shared with the risk analysis layer, which
C vfa1 , . . . , vfan = min vfa1 , . . . , vfan − (n − 1) − 2 assigns a risk value to each of the attackers detected by the
previous analyses.
r Finally, as far as the Attack Detection is concerned, the The combinatorial and symbolic analyses are connected by
number of physical devices stolen must be taken in consid- a strong relationship that must be taken in consideration when
eration, since a higher number results in an easier detection providing the related models: MAS extends MAC , i.e., MAS
1940 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 21, NO. 4, JULY/AUGUST 2024
models in the specification language at least the same capabili-
ties on the authentication factors represented by MAC . To ensure
consistency between the two analyses, these models should be
provided by a security expert.
Due to this relationship, the combinatorial analysis is not
strictly necessary, as the symbolic analysis would be able to de-
tect both explicit and implicit attackers by itself. In particular, for
each attacker AC detected by the combinatorial analysis, there
exists a corresponding attacker AS detected by the symbolic
analysis, with AC = AS ; therefore, the combinatorial analysis
is sound with respect to the symbolic analysis. Consequently, we
rely on the combinatorial analysis to reduce the set of attackers
to test in the symbolic analysis, so as to reduce the overall
complexity of the process.
On the contrary, the symbolic analysis is mandatory: for each
attacker AS , there not always exist a corresponding attacker
AC , with AS = AC ; therefore, the combinatorial analysis is
incomplete with respect to the symbolic analysis.
E. Computational Considerations
The symbolic analysis requires advanced computational capa-
bilities, which result in a higher time of execution. On the other
hand, it provides a higher level of confidence on the results,
meaning that it reports also complex attacks that may have been
missed during the combinatorial analysis. If we performed the
symbolic analysis for all the n attackers (and combinations)
belonging to the threat model, we would have to run it 2n − 1
times. We can considerably reduce the set of attackers to test
thanks to the following considerations:
C1. Explicit attacks from the combinatorial analysis: the
main goal of the combinatorial analysis is to prune the set
of attackers to test, given its speed in detecting explicit
attackers. Consequently, by relying on its soundness,
we check neither already detected attackers nor larger
combinations involving sets of successful attackers.
C2. Physical thieves: when they steal a device, users cannot
be deceived into approving a malicious authentication
attempt on that device, because they no longer own it.
Therefore, these attackers cannot be involved in implicit
attacks.
C3. Non-minimum combinations of implicit attacks: once
the symbolic analysis detects successful attackers, we
do not consider further combinations with them (see
Section II-A for a formal definition).
More details will be provided in Section IV-E.
F. Application Scenarios
In the next section, we describe a concrete authentication
protocol to which we apply our methodology. This use case
scenario just aims to provide a concrete example of how our
methodology can be applied and how the results can be used
to support the design phase. In fact, our methodology can be
employed to analyse authentication protocols in many more
scenarios. For example, in the financial sector, to highlight the
differences between online banking authentication protocols be-
fore and after the PSD2 regulation on payment services [16]; in
the corporate sector, to support the design of new authentication
schemes or analyse existing ones according to internal needs.
III. USE CASE SCENARIO
We have a long-standing collaboration with Poligrafico e
Zecca dello Stato Italiano (IPZS), the Italian Government Print-
ing Office and Mint that is responsible for producing the Italian
eID card, called Carta d’Identità Elettronica (CIE 3.0) [17].
This collaboration aims at developing and analysing cutting-
edge identity management solutions to fully benefit from the
capabilities of eID cards, which are equipped with a microchip
that communicates through a contactless NFC interface. They
are also provided with an X.509 certificate [18] containing the
personal data of the owner, whose trustworthiness is ensured
by the competent authorities through a digital signature. As a
consequence, each card has a pair of keys that can be used
for public-key cryptography (following the IAS ECC specifi-
cations [19]), whose use can be unlocked by inserting a PIN.
Involving eID cards in an authentication workflow may pro-
vide several benefits from a security perspective. In this context,
we focused on hybrid scenarios allowing users to authenticate
from a personal computer by leveraging their smartphone as
an eID card reader. In particular, we now describe a concrete
protocol that is currently used in the Italian ecosystem as one
of the main authentication procedures to access Public Admin-
istration’s online services. This protocol requires users who
wish to authenticate themselves to launch a request from their
personal computer’s browser, which then displays a QR code.
Once users scan the QR code via a custom mobile application
(namely, eIDApp) on their smartphone, they are guided through
the interaction with their eID card and finally authenticated on
their personal computer. Therefore, the authentication factors
involved are the eID card ( ) and the PIN ( ).
A. Entities
The protocol involves the following set of entities:
r User: the claimant, who wants to authenticate on a specific
service. Each user is supposed to have a userId, which
is a uniquely identifying value that is contained in the eID
card’s certificate.2
r eID card: the eID card belonging to the user.
r eIDApp: the mobile application responsible for securely
interacting with the eID card.
r Identity Provider (IdP): responsible for managing users’
online identities and ensuring proper authentication. It is
composed of a front-end interface (accessible through a
browser) and a back-end server (IdPServer).
r Service Provider (SP): any online service where users can
authenticate. It is composed of a front-end interface (acces-
sible through a browser) and a back-end server (SPServer).
r Browser: a web browser that users can interact with in order
to access front-end interfaces of both the SP and the IdP.
This browser runs on a personal computer belonging to the
user.
2 In the Italian scenario, the serial number of the eID card is used as userId.
PERNPRUNER et al.: AUTOMATED MULTI-LAYERED METHODOLOGY TO ASSIST THE SECURE AND RISK-AWARE DESIGN
Fig. 2. Message sequence chart of the protocol.
The IdPServer and the SPServer are part of a trust relationship,
obtained after a federation procedure [20].
B. Flow
Fig. 2 shows the message sequence chart of the protocol,
which is composed of the following phases:
1) Authentication request: the user visits the SP webpage
and launches a new authentication request, thus being
redirected to the IdP. The IdPServer generates some
fresh values associated with the authentication attempt:
an identifier opId and an associated cookie IdPSes-
sionCookie that will be used during any commu-
nication between the browser and the IdPServer. After
storing these values, the IdPServer displays the login
page.
1941
2) User info: the user fills her identifying information
(userId) in the login page. The browser retrieves this
value and sends it to the IdPServer.
3) Challenge: the IdPServer generates the challenge and
displays it on the browser as a QR code, which the user is
required to scan through the eIDApp to extract the plain
challenge.
4) Response: after providing the PIN, the user is required
to place her eID card near the mobile device for NFC
scanning. In case the PIN is correct and has been provided
within a fixed number of attempts, the eID card signs
the challenge through its private key, thus generating
the response that is finally sent back to the IdPServer
through the eIDApp along with the eID card’s certificate.
5) OTP verification: the IdPServer generates a fresh OTP
and associates it with the current opId. The OTP, which
1942 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 21, NO. 4, JULY/AUGUST 2024
TABLE III
SECURITY ASSUMPTIONS
is displayed to the user through the eIDApp, needs to be
written back to the IdP login page on the browser. Finally,
it is sent to the IdPServer.
6) Redirection: the IdPServer redirects the user to the
SPServer with an authentication assertion.
During the protocol, the IdPServer verifies that:
r Step 10: the incoming IdPSessionCookie matches the
one generated at step 5.
r Step 23: (i) the eID card’s certificate has not been revoked;
(ii) the userId previously inserted matches the one stored
in the eID card’s certificate; (iii) the value obtained after
applying the eID card’s public key to response matches
the challenge.
r Step 29: (i) the incoming IdPSessionCookie matches
the one generated at step 5; (ii) the OTP inserted by
the user on the browser at step 27 matches the one
generated by the IdPServer at step 24; (iii) the OTP
has been provided within a fixed number of attempts;
(iv) the operation has been completed in a fixed time
interval.
In case one of these checks fails, the authentication procedure
ends with an error.
C. Challenge
During authentication, the IdPServer needs to be sure that the
involved eID card really belongs to the user who is going to be
authenticated. To this end, a challenge–response procedure [1]
occurs between the IdPServer and the eID card. In the consid-
ered protocol, the challenge is composed of the following
parameters:
r opId: the operation identifier, which is randomly gener-
ated and represents the authentication attempt;
r userId: the user identifier, which the user fills in during
the procedure;
r IdPName: the name of the IdP used for the authentication;
r SPName: the name of the SP which the user wishes to
authenticate onto;
r opText: a textual description of the current operation,
displayed on the mobile device before the approval.
IV. APPLICATION OF THE METHODOLOGY
In this section, we show how we have applied our methodol-
ogy to the use case scenario defined in Section III.
A. Security Setup
In this section, we set the analyses up for our use case scenario
by defining the security assumptions (Section IV-A1) and the
attackers’ capabilities (Section IV-A2).
1) Security Assumptions: During the analyses, we consider
the security assumptions that are described in Table III. We
categorize them in: eID cards Assumptions (EA), ensuring
that the authenticator has been properly activated; Procedural
Assumptions (PA), dealing with the authentication procedure
itself; Trust Assumptions (TA), related to the trust between the
entities involved in the protocol; and Channels Assumptions
(CA), regarding the properties of the communication channels.
2) Threat Model and Attackers’ Capabilities: In order to
analyze the security of the protocol, we have identified from [8]
the Authenticator Threats that can violate it. Then, we have
expanded and contextualized the related attackers to obtain the
threat model in Table IV:
T M = {PCT, MDT, CT, D, ES, SS, SE, MB, MM}
The relationship between the Authentication Threats identi-
fied by NIST and our threat model is detailed in the comple-
mentary website [21]. In particular, we have not considered:
“Assertion Manufacture or Modification” (since the authentica-
tion assertion is digitally signed by the IdPServer and cannot be
tampered with); “Offline Cracking” and “Online Guessing” (due
to the restricted number of possible attempts while inserting the
eID card’s PIN); “Side Channel Attack” (as in EA4 we assume
that the eID card’s private key is particularly difficult to extract);
and “Unauthorized Binding” (as eID cards can be associated
only to their legitimate owners, due to EA1).
Once defined the attackers, we have also defined their capabil-
ities in terms of compromised authentication factor(s) in our sce-
narios (Table V): closed padlocks ( ) denote non-compromised
factors, while open padlocks ( ) represent compromised fac-
tors. In addition, we use an asterisk (  ) to indicate a possession
PERNPRUNER et al.: AUTOMATED MULTI-LAYERED METHODOLOGY TO ASSIST THE SECURE AND RISK-AWARE DESIGN
TABLE IV
ATTACKERS BELONGING TO THE THREAT MODEL
TABLE V
ATTACKERS’ CAPABILITIES IN THE COMBINATORIAL MODEL
factor that is compromised indirectly. For instance, a malicious
application does not physically violate eID cards, yet it manages
to deceive victims into interacting with their eID cards, thus
compromising that factor without physically possessing it.
B. Combinatorial Analysis
The combinatorial analysis, described in Section II-A, dis-
covered 5 attackers that are able to compromise the protocol
explicitly:
AC = {{MM} , {CT, D} , {CT, ES} , {CT, SS} , {CT, SE}}
where the first corresponds to a malicious application, while the
others correspond to a card thief combined with another attacker
able to discover the user’s eID card’s PIN.
For instance, considering the combination CT+SS: CT man-
ages to obtain the victim’s eID card ( ) by physically stealing
it, while SS can compromise the PIN of the eID card ( ) by
looking at the victim while typing it. As a consequence, the
combination violates all the authentication factors involved in
the QR protocol and thus is able to authenticate onto an online
service as the victim.
C. Symbolic Analysis
As explained in Section II-B, we need to provide SATMC
with all the parameters in input, which have been modelled
1943
in ASLan++ following the work in [22]. To better understand
the formalisation, Table VI shows some relevant predicates in
ASLan++. The complete ASLan++ models are available on
the complementary website [21].
1) Protocol (MPS ): The model of the protocol formally de-
scribes the entities involved and the communications between
them over the communication channels. This model should be as
consistent as possible with the protocol it describes, in order to
obtain a proper analysis; however, as often happens, models can
also contain some approximations to reduce the computational
complexity of the analysis, though without losing crucial details.
For space reasons, the approximations adopted in our models are
described on the complementary website [21].
Legitimate entities may be required to know specific infor-
mation before the protocol execution. ASLan++ requires these
values to be passed as arguments to the related entities. In the
considered protocol:
r the user knows the PIN of the eID card and the userId;
r the eID card knows its PIN.
In addition to honest entities, also attackers (which in
ASLan++ are referred to as intruders and indicated with i)
may have some preliminary knowledge. In ASLan++, an initial
knowledge k is given to the intruder by using the expression
iknows(k). However, since attackers’ initial knowledge de-
pends on their capabilities, it will be specified directly in the
attackers’ model MA∗ S .
Beyond modelling the protocols, we also had to formalise
the security assumptions that we have identified in Table III.
The formal specification of such assumptions can be found
in Table VII, while the description of the predicates used is
provided in Table VI.
2) Model of the Attackers’ Capabilities (MA∗ S ): To model
the attackers’ capabilities for the symbolic analysis, we modify
some parts of the specifications according to the attacker that
we are considering in the specific run of the symbolic analysis.
Below you can find a description of how each attacker affects the
protocol; the numbers in parentheses refer to Table VIII, which
1944 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 21, NO. 4, JULY/AUGUST 2024

TABLE VI
RELEVANT PREDICATES IN ASLAN++

TABLE VII
SECURITY ASSUMPTIONS IN THE SYMBOLIC MODEL

displays the corresponding changes to make in the ASLan++
model. We also show the relationship between the symbolic
and the combinatorial models of the attackers’ capabilities, to
underline that the former (MAS ) can always be reduced to the
latter (MAC ); this leads to the discussion in Section II-D.
It is important to notice that we provide instructions to model
both how to consider and how not to consider a specific attacker.
Therefore, a dash (—) means that the predicate in the other
column of the same row does not apply.
PCT, MDT, CT Before the attacker steals the user’s device
(personal computer, mobile device or eID card), every inter-
action with it is surely made by the user herself, thus the
channel between the user and the browser (1), the eIDApp
(5) or the eID card (9) is authentic. Moreover, the fact
userOwnComputer (2), userOwnSmartphone (6) or
userOwnEIC (10) needs to be accordingly set to true,
since the user physically owns its device.
On the contrary, when the user’s device is possessed by the
attacker, all the interactions are made by the same entity (the
attacker himself). Therefore:
r since the browser (3), the eIDApp (7) and the eID card
(11), respectively, do not have any guarantee on this entity’s
identity, the related channel is only weakly authentic;
r since the attacker is the only entity who can interact with
the browser (4), the eIDApp (8) or the eID card (12), he
uses the same communication channel in every session.
This corresponds to violating the personal computer, mobile
device, or eID card, respectively. However, in our protocol,
only the eID card is considered as an authentication factor
(P CT, M DT ∅; CT ).
D The attacker manages to copy the eID card’s PIN that may be
written on paper (D ), thus getting to know this value
(13).
ES, SS Without considering these attackers, the following in-
formation can be known only to the intended recipient, thus
the considered communication channels are confidential:
r what the user types in the eIDApp/browser can be known
only by the eIDApp (14)/browser (15);
r what the browser shows to the user can be known only by
the user (16).
Property (15) corresponds to violating the PIN, which the user is
required to insert in the eIDApp (ES, SS ). Instead, prop-
erties (15) and (16) are needed because users are displayed an
OTP on the mobile application and have to insert this OTP on the
personal computer’s browser, thus the corresponding channels
need to be confidential when the attacker is not considered.
PERNPRUNER et al.: AUTOMATED MULTI-LAYERED METHODOLOGY TO ASSIST THE SECURE AND RISK-AWARE DESIGN
TABLE VIII
ATTACKERS’ CAPABILITIES IN THE SYMBOLIC MODEL
All the properties above are no longer true when the attackers
become effective, since they manage to intercept all these values.
SE Without considering this attacker, the communications be-
tween the user and the browser are protected by the following
properties:
r what the user types in the browser can be known only by
the browser, thus the channel is confidential (17);
r the user is sure that whatever the browser shows to her
really comes from the original browser, thus the channel is
authentic (18).
Properties (17) and (18) are needed because users are displayed
a QR code on the personal computer’s browser and at the end
of the operation they have to insert an OTP on the personal
computer’s browser, thus the corresponding channels need to be
confidential and authentic, respectively, when the attacker is not
considered.
When SE becomes effective, instead, these properties are no
longer valid: the attacker can both deceive users into revealing
what they typed in the browser, and provide them with some
malicious values by pretending to be the browser (e.g., the
QR code containing the challenge). Moreover, the attacker
manages to make the user reveal the PIN of the eID card (19)
and the OTP generated by the eIDApp (20), thus compromising
these values (SE ).
MB This attacker can take full control of the user’s browser
and perform any operation he wishes, thus we model MB by
making the attacker impersonate the browser (21). However,
it does not violate any authentication factor in our protocol
(M B ∅).
1945
MM This attacker can take full control of the user’s mobile
device and perform any operation he wishes. Therefore, we
model MM by explicitly making the attacker impersonate the
eIDApp (24). However, we need to restrict other attackers’
capabilities when the MM is not to be considered, otherwise
they could be too powerful than how we have really modelled
them. To this end, when MM is not considered:
r the user is sure that whatever the eIDApp shows to her
really comes from the original eIDApp, thus the channel is
authentic (22);
r the eID card is sure that whatever the eIDApp sends to her
really comes from the original eIDApp, thus the channel is
authentic (23).
When considering MM, there is no need to remove instructions
(22) and (23), as the channels do remain either authentic or
confidential. However, by impersonating the eIDApp due to (24),
MM can deceive the user into interacting with her eID card
(M M ), as well as know the PIN when the user types it
(M M ).
3) Security Goal (GS ): In ASLan++, a channel goal has the
following form:
name:(_) Sender Channel Receiver
We can rely on this syntax to model the security goal (identi-
fied in Section II) as follows:
User_authn_to_SP:(_) User *->> SPServer;
This represents a goal called User_authn_to_SP that
must be satisfied in the run(s) of the protocol. Specifically,
the goal requires that a communication channel between the
user (sender) and the SPServer (receiver) gets established at the
1946 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 21, NO. 4, JULY/AUGUST 2024
Fig. 3. Trace of the implicit attack performed by MB.
end of the protocol; on this channel, the following properties
(represented by *->>) must hold:
r authenticity: guarantees that any incoming message on this
channel indeed comes from the user;
r directedness: guarantees that any incoming message on
this channel was indeed intended for the SPServer;
r freshness (or replay protection): guarantees that any mes-
sage sent on this channel can be received only once.
4) Number of Sessions: For each analysis, we run two paral-
lel sessions of the protocol. This way, we can evaluate an attacker
leveraging a parallel session launched by the users themselves
to finalise the attack, which represents how implicit attacks are
usually performed. The two sessions share the same inputs,
though the communication channels used are different (except
when modelling some attackers, as detailed above).
5) Results: The symbolic analysis tested the following at-
tackers: D, ES, SS, SE, MB, D+ES, D+SS, ES+SS, D+ES+SS
(see Section IV-E for more details) and detected two attackers:
AS = {{SE} , {MB}}
For both of them, the analysis reported the attack trace,3 which
is a graphical representation of the messages exchanged between
the entities taking part in the protocol, by using arrows labelled
with the content of the message. Messages consisting in the
concatenation of more values are joined by a dot, while fresh
values f are represented by the expression n(f ). In addition
to the entities taking part in the protocol, attack traces usually
display an additional entity i representing the intruder (i.e., the
attacker). In case the attacker impersonates another entity e,
this fact is represented by the expression i(e) placed inside
a box.
Considering MB, the attack trace in Fig. 3 shows that when the
victim tries to authenticate on an SP (through request1) and
inserts her userId, the attacker can initiate an authentication
3 To enhance readability, the attack traces displayed in this paper are a
simplified version of those generated by SATMC.
process on the same SP by using the same userId and obtain a
challenge in the form of a QR code. Following the authentication
process, the victim should be displayed a QR code as well, but
– since the attacker has full control of the victim’s browser – he
can tamper with the victim’s authentication page and replace the
original QR code with that obtained in his parallel authentication
session. The user will be deceived into scanning the malicious
QR code with the eIDApp, inserting the PIN and reading the eID
card through NFC. At the end, she will be displayed an OTP
on the eIDApp to insert on her personal computer’s browser;
however, having control of the browser, MB can intercept the
OTP and insert it in his own authentication page. As a result,
the attacker will be authenticated on his own personal computer
with the victim’s credentials, as the QR code scanned by the
user had been originally issued in the context of the attacker’s
authentication session.
The second implicit attack, performed by SE, is similar to the
previous one. However, SE does not need to alter the victim’s
browser, since he can provide her with the QR code through
other means (e.g., via email or a social media) and deceive her
into scanning it through social engineering techniques (e.g., «S-
can the QR code and use your eID card to win a wonderful
cruise!»). Then, the attacker can – again – deceive the victim
into revealing the OTP, so that he can finalise the authentication
by impersonating the user.
D. Risk Analysis
Table IX shows the results of the risk analysis applied to
our use case scenario, where we can identify three attackers
associated with a low risk (MM, CT+ES and CT+SE), three
with a medium risk (CT+D, CT+SS and SE) and one with
a high risk (MB). MB is a powerful attacker that requires
a specific technical preparation to infect the browser, can be
performed fully remotely, does not need any interaction with
the user, is difficult to detect, and can perform large-scale
attacks.
PERNPRUNER et al.: AUTOMATED MULTI-LAYERED METHODOLOGY TO ASSIST THE SECURE AND RISK-AWARE DESIGN
TABLE IX
RESULTS OF THE RISK ANALYSIS
TABLE X
COMPUTATIONAL EFFECTS OF OUR CONSIDERATIONS DURING OUR ANALYSES
E. Computational Considerations
In Section II-E we have proposed some considerations to
reduce the computational complexity of the symbolic analysis.
Table X displays the number of attackers that our considerations
exempted us from testing in the use case. When applied in se-
quence, each consideration further improves the set of attackers
excluded by the previous ones. As a result, the symbolic analysis
needed to test only 9 attackers in our use case scenario (1.8%),
thus considerably optimising the analysis flow.
V. SECURITY MITIGATIONS
The role of security mitigations is extremely important to
reduce risks: they play a fundamental role in shortening the
list of successful attackers or reducing the likelihood and/or
impact of certain attackers. As a consequence, the selection of
which mitigations are worth implementing is a crucial phase
during protocol design. However, companies or governmental
agencies implementing authentication procedures could have
custom requirements; that imposes trade-offs between usability
and security when choosing mitigations. Table XI displays the
mitigations that are implemented in our use case scenario. In
addition to security, we focus on usability that is one of the most
important dimensions to consider when selecting mitigations,
as users are more willing to accept simple protocols rather than
cumbersome ones. We now discuss each mitigation along with
their effects.
M1: Since rooted devices are known to be extremely vulnera-
ble to common attacks, preventing the use of the eIDApp
on such devices brings many advantages in terms of
security. On the other hand, it may result in usability
issues since people who rooted their devices on purpose
would not manage to use the application.
1947
M2: Restricts the attack surface: attackers cannot just send
malicious QR codes to random people, but they need
to choose a precise victim as the userId is part of
the challenge. Although we do not require the userId
to be a secret value (like a password), it should not
be commonly known (like the name of the user) to
reduce the possibility of a general attack. Given the
additional value users have to insert, this mitigation
slightly reduces usability.
M3: Restricts the ability of attackers to deceive users by
sending improper QR codes, since the operation must
be completed within a certain time interval. This mit-
igation partially affects usability as well, considering
that expired authentication attempts have to be launched
again.
M4: By restricting the possible attempts, prevents guessing
and brute-force attacks on secret values. The number of
available attempt should be carefully set in order to find
a trade-off between security and usability (i.e., neither
too tight, nor too loose).
M5: Restricts the possibility of an attack, since the attacker
would also need to obtain the OTP associated with that
specific authentication attempt. Specifically, we have
decided to display the OTP on the mobile application in
order to reduce phishing attacks carried out via email:
in case users do not have an authentication attempt
currently ongoing on the personal computer’s browser,
they would not know where to insert the OTP. Given
the additional value users have to insert, this mitigation
slightly reduces usability.
M6: Reminds users of verifying that QR codes are displayed
on an official website, thus reducing the likelihood of
attackers sending improper QR codes on phishing web-
sites (such as SE and MB). However, since the warning
is always displayed within the mobile application, users
could ignore or get used to it. This mitigation has no
impact on usability, as it does not restrict users’ attempt
nor it requires users to perform additional operations.
M7: Helps the user distinguish between legitimate and ma-
licious authentication attempts. This mitigation is ex-
tremely effective in authorization contexts, as precise
details about the ongoing operation to authorize are
displayed to the user. When dealing with authentication,
instead, it is difficult to find suitable details to uniquely
identify the ongoing attempt, thus the security benefits
1948 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 21, NO. 4, JULY/AUGUST 2024

TABLE XI
LIST OF POSSIBLE MITIGATIONS

TABLE XII
RESULTS OF THE RISK ANALYSIS WITH ONLY M4 APPLIED

are slightly lower. In general, the information displayed
to the user should be relevant and uniquely identify
the operation, otherwise some attacks could anyway be
performed. The information can be shown either without
affecting the procedure (e.g., in the same window where
the user inserts the PIN) or by introducing an ad hoc
activity, which would slightly affect usability. When
rating usability in Table XI, we consider the former case.
A. What if...?
In Section IV, we have analysed the use case scenario that
implements all the mitigations listed in Table XI. However, it
may be interesting to understand the effects of removing some
mitigations, e.g., to improve the usability level of the designed
protocol. To this end, let us now consider the protocol in Fig. 2
only implementing mitigation M4, which is already enforced by
eID cards themselves (as far as their PIN is concerned). Table XII
displays the results of the new risk analysis, highlighting a signif-
icant worsening of the situation: SE becomes a critical attacker,
MM is now associated with a high risk, and the combination
CT+SE increases to a medium risk. These results show that
carefully selecting the mitigations to implement during the de-
sign phase brings many improvements to the security level of the
protocol.
In general, SE, MB and MM are clearly the most powerful
attackers, as they can deceive users through social engineer-
ing techniques or compromise users’ devices. Therefore, most
of the mitigations aim at targetting these attackers. As a re-
sult, the risk of these powerful attackers can be significantly
reduced.
VI. RELATED WORK
The scientific literature contains many approaches to the
security analysis of authentication protocols. For the sake of
brevity, we discuss only the approaches that are more relevant
for our work.
A first approach consists in proposing a new au-
thentication scheme and performing a formal analysis to
demonstrate its compliance with a given set of require-
ments and security goals. Many scientific works follow
this approach in different contexts: healthcare [23], [24],
generic [25] and industrial [26], [27] IoT environments,
smart homes [28], [29], wireless sensor networks [30], [31],
and many more. However, several security analyses have
been found flawed [32], thus leading to potentially incorrect
results.
Another approach aims at analysing the security of existing
authentication protocols or standards, such as FIDO [33], [34],
OAuth2.0 [35], 5G EAP-TLS [36] and Single Sign-On [22]. In
this case, the analysis aims at validating a third-party authenti-
cation scheme that is widely used.
In general, most of the analyses rely on formal frameworks,
which requires security experts to model the considered sce-
nario; then, they use formal provers or model checkers (such as
ProVerif [12] or Tamarin [13]) to assess the security of the pro-
tocol, finally obtaining a list of the attackers that can violate the
PERNPRUNER et al.: AUTOMATED MULTI-LAYERED METHODOLOGY TO ASSIST THE SECURE AND RISK-AWARE DESIGN
security goals. These techniques usually analyse all the attackers
contained in the threat model, thus resulting in a high execu-
tion time associated with the computational complexity of the
process.
Moreover, the mere list of successful attackers may not be
enough: in a corporate scenario, for instance, security designers
could need to have clear indications on the risks associated
with the successful attackers, in order to prioritise them and
understand which ones need to be mitigated more urgently and
which of them can be ignored.
By combining different level of analysis, our methodology
provides several benefits: the combinatorial analysis can be
performed even by less-expert users, and provides a list of
explicit attacks; the symbolic analysis still needs to be set up by
security experts, but is performed on a smaller set of attackers as
it only searches for implicit attacks, thus reducing the computa-
tional complexity of the analysis; the risk analysis complements
the list of attackers by associating the related risks. Security
designers are thus provided with a methodology that they can
customise according to their needs (e.g., they can skip the sym-
bolic analysis if they need for quick, yet possibly incomplete,
results).
VII. CONCLUSION
In this paper, we have presented a multi-layered security
methodology to analyse multi-factor authentication protocols. In
addition to identifying the list of attackers that are able to com-
promise the protocol, our methodology provides information
about the associated risks. For concreteness, we have showed
how we applied the methodology to a real use case scenario: an
authentication procedure based on QR codes and electronic doc-
uments that currently represents one of the main authentication
procedures to access Italian Public Administration’s online ser-
vices. This activity, performed in the context of a long-standing
collaboration with Poligrafico e Zecca dello Stato Italiano (the
Italian Government Printing Office and Mint), supported the
design of the authentication protocol by highlighting which
mitigations reached the best trade-off between security and
usability.
A. Future Work
Given the rising importance of eID cards, we plan to elaborate
on how they can be involved in other authentication contexts
such as those dealing with OpenID Connect or FIDO2, in order to
understand the advantages they could bring in terms of security.
We are also going to refine the formal models of our use case
scenario, possibly moving to more supported model checkers
such as Tamarin [13], which would allow us to benefit from the
active community of users. Finally, we would like to improve our
risk analysis procedure by enhancing its flexibility, for instance
by adapting the risk factors’ values to the context in order to
allow for more granular what-if analyses.
1949
ACKNOWLEDGMENT
The authors would like to thank the anonymous reviewers for
their valuable comments that helped us improve the quality of
the article.
REFERENCES
[1] P. A. Grassi, M. E. Garcia, and J. L. Fenton, “Digital iden-
tity guidelines,” NIST Special Publication 800-63-3, Jun. 2017,
doi: 10.6028/NIST.SP.800-63-3.
[2] Auth0, The State of Secure Identity 2022, 2022. [Online]. Available: https:
//auth0.com/resources/whitepapers/2022-state-of-secure-identity-report
[3] Vanson Bourne, The State of Authentication in the Finance Indus-
try 2022, Jul. 2022. [Online]. Available: https://get.hypr.com/state-of-
authentication-in-the-finance-industry-2022
[4] S. An et al., “CloudSafe: A tool for an automated security analysis for cloud
computing,” in Proc. IEEE 18th Int. Conf. Trust Secur. Privacy Comput.
Commun./IEEE 13th Int. Conf. Big Data Sci. Eng., 2019, pp. 602–609.
[5] G. Agosta, A. Barenghi, A. Parata, and G. Pelosi, “Automated security
analysis of dynamic web applications through symbolic code execution,”
in Proc. 9th Int. Conf. Inf. Technol. New Gener., 2012, pp. 189–194.
[6] A. Armando et al., “The AVANTSSAR platform for the automated val-
idation of trust and security of service-oriented architectures,” in Proc.
Int. Conf. Tools Algorithms Construction Anal. Syst., Springer, 2012,
pp. 267–282.
[7] A. Armando, R. Carbone, L. Compagna, J. Cuellar, and L. Tobarra,
“Formal analysis of SAML 2.0 web browser single sign-on: Breaking the
SAML-based single sign-on for Google apps,” in Proc. 6th ACM Workshop
Formal Methods Secur. Eng., New York, NY, USA, 2008, pp. 1–10.
[8] P. A. Grassi et al., “Digital identity guidelines: Authentication and lifecy-
cle management,” NIST Special Publication 800–63B, NIST, Jun. 2017,
doi: 10.6028/NIST.SP.800-63b.
[9] A. Armando, R. Carbone, and L. Compagna, “SATMC: A SAT-based
model checker for security protocols, business processes, and security
APIs,” Int. J. Softw. Tools Technol. Transfer, vol. 18, no. 2, pp. 187–204,
Apr. 2016.
[10] M. Pernpruner, R. Carbone, S. Ranise, and G. Sciarretta, “The good, the
bad and the (not so) ugly of out-of-band authentication with eID cards and
push notifications: Design, formal and risk analysis,” in Proc. 10th ACM
Conf. Data Appl. Secur. Privacy, 2020, pp. 223–234.
[11] AVANTSSAR, “ASLan++ Specification and Tutorial. Deliverable
D2.3”, Mar. 2011. [Online]. Available: https://st.fbk.eu/complementary/
TDSC2022
[12] B. Blanchet, B. Smyth, V. Cheval, and M. Sylvestre, “ProVerif 2.00:
Automatic Cryptographic Protocol Verifier, User Manual and Tutorial”,
May 2018. [Online]. Available: https://prosecco.gforge.inria.fr/personal/
bblanche/proverif/manual.pdf
[13] S. Meier, B. Schmidt, C. Cremers, and D. A. Basin, “The TAMARIN
prover for the symbolic analysis of security protocols,” in Proc. Int. Conf.
Comput. Aided Verification, Springer, 2013, pp. 696–701.
[14] D. Dolev and A. C. Yao, “On the security of public key protocols,” IEEE
Trans. Inf. Theory, vol. 29, no. 2, pp. 198–208, Mar. 1983.
[15] OWASP, “OWASP risk rating methodology,” Aug. 2018. [Online].
Available: https://www.owasp.org/index.php/OWASP_Risk_Rating_
Methodology
[16] European Union, “Directive (EU) 2015/2366,” Official J. Eur. Union,
vol. OJ L 337/35, May 2015. [Online]. Available: http://data.europa.eu/
eli/dir/2015/2366/oj
[17] Ministero dell’Interno, “CIE features,” 2020. [Online]. Available: https:
//www.cartaidentita.interno.gov.it/en/cie/cie-features/
[18] ITU, “Information Technology – Open Systems Interconnection – The
Directory: Public-Key and Attribute Certificate Frameworks”, Oct. 2006.
[Online]. Available: http://handle.itu.int/11.1002/1000/13031
[19] GIXEL, European Card for e-Services and National e-ID Applications,
Feb. 2009.
[20] P. A. Grassi et al., “Digital identity guidelines: Federation and
assertions,” NIST Special Publication 800–63C. NIST, Jun. 2017,
doi: 10.6028/NIST.SP.800-63c.
[21] M. Pernpruner, R. Carbone, G. Sciarretta, and S. Ranise, “Complemen-
tary website,” 2022. [Online]. Available: https://st.fbk.eu/complementary/
TDSC2022
1950 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 21, NO. 4, JULY/AUGUST 2024

[22] G. Sciarretta, R. Carbone, S. Ranise, and L. Viganò, “Formal analysis of
mobile multi-factor authentication with single sign-on login,” ACM Trans.
Privacy Secur., vol. 23, no. 3, 2020, Art. no. 13.
[23] R. Hajian, S. ZakeriKia, S. Erfani, and M. Mirabi, “SHAPARAK: Scalable
healthcare authentication protocol with attack-resilience and anonymous
key-agreement,” Comput. Netw., vol. 183, 2020, Art. no. 107567.
[24] S. S. Sahoo, S. Mohanty, and B. Majhi, “A secure three factor based
authentication scheme for health care systems using IoT enabled devices,”
J. Ambient Intell. Humanized Comput., vol. 12, pp. 1419–1434, 2021.
[25] H. Lee, D. Kang, J. Ryu, D. Won, H. Kim, and Y. Lee, “A three-factor
anonymous user authentication scheme for Internet of Things environ-
ments,” J. Inf. Secur. Appl., vol. 52, 2020, Art. no. 102494.
[26] X. Li, J. Niu, M. Z. A. Bhuiyan, F. Wu, M. Karuppiah, and S. Kumari, “A
robust ECC-based provable secure authentication protocol with privacy
preserving for industrial Internet of Things,” IEEE Trans. Ind. Informat.,
vol. 14, no. 8, pp. 3599–3609, Aug. 2018.
[27] R. Vinoth, L. J. Deborah, P. Vijayakumar, and N. Kumar, “Secure multifac-
tor authenticated key agreement scheme for industrial IoT,” IEEE Internet
of Things J., vol. 8, no. 5, pp. 3801–3811, Mar. 2021.
[28] Y. Guo, Z. Zhang, and Y. Guo, “SecFHome: Secure remote authentication
in fog-enabled smart home environment,” Comput. Netw., vol. 207, 2022,
Art. no. 108818.
[29] Y. Xia, R. Qi, S. Ji, J. Shen, T. Miao, and H. Wang, “PUF-assisted
lightweight group authentication and key agreement protocol in smart
home,” Wireless Commun. Mobile Comput., vol. 2022, 2022.
[30] Y. Lu, G. Xu, L. Li, and Y. Yang, “Anonymous three-factor authenticated
key agreement for wireless sensor networks,” Wireless Netw., vol. 25,
pp. 1461–1475, 2019.
[31] T.-Y. Wu, L. Yang, Z. Lee, S.-C. Chu, S. Kumari, and S. Kumar, “A
provably secure three-factor authentication protocol for wireless sensor
networks,” Wireless Commun. Mobile Comput., vol. 2021, pp. 1–15, 2021.
[32] Q. Wang and D. Wang, “Understanding failures in security proofs of
multi-factor authentication for mobile devices,” IEEE Trans. Inf. Forensics
Security, vol. 18, pp. 597–612, 2023.
[33] H. Feng, H. Li, X. Pan, and Z. Zhao, “A formal analysis of the FIDO UAF
protocol,” in Proc. Int. Conf. Netw. Distrib. Syst. Secur. Symp., 2021. [On-
line]. Available: https://www.ndss-symposium.org/ndss-paper/a-formal-
analysis-of-the-fido-uaf-protocol/
[34] J. Guan, H. Li, H. Ye, and Z. Zhao, “A formal analysis of the FIDO2
protocols,” in Proc. Eur. Symp. Res. Comput. Secur., Springer, Switzerland,
2022, pp. 3–21.
[35] D. Fett, R. Küsters, and G. Schmitz, “A comprehensive formal security
analysis of OAuth 2.0,” in Proc. ACM SIGSAC Conf. Comput. Commun.
Secur., 2016, pp. 1204–1215.
[36] J. Zhang, L. Yang, W. Cao, and Q. Wang, “Formal analysis of 5G EAP-TLS
authentication protocol using proverif,” IEEE Access, vol. 8, pp. 23 674–23
688, 2020.
Roberto Carbone received the PhD degree in elec-
tronic and computer engineering and telecommuni-
cations from the University of Genoa, Italy, in 2009.
He is the head of the Security & Trust Research Unit,
Center for Cybersecurity, Fondazione Bruno Kessler.
His previous appointments include a period as visiting
scholar with the Department of Computer Science,
University of Pittsburgh, Pennsylvania, US. He has
been involved in several international and national
research projects and industrial collaborations. His
research focuses on digital identity management and
the (formal) analysis of security protocols and services.
Giada Sciarretta received the MSc degree in math-
ematics and the PhD degree in computer science
from the University of Trento, in 2012 and 2018,
respectively. She is a researcher with the Security
& Trust Research Unit, Center for Cybersecurity,
Fondazione Bruno Kessler. Her research focuses on
digital identity with a specialization in the design,
security and risk assessment of access delegation and
single sign-on protocols (e.g., OAuth 2.0 and OpenID
Connect), multi-factor authentication (e.g., based on
biometric or eID cards) and fully-remote enrollment
procedures.
Silvio Ranise received the PhD degree in computer
engineering from the University of Genoa, Italy, and
the Henri Poincaré University, Nancy, France. He
is the director with the Center for Cybersecurity,
Fondazione Bruno Kessler and a full professor of
computer science with the University of Trento De-
partment of Mathematics. He has been a researcher
with the INRIA-National Institute for Research in
Digital Science and Technology, visiting professor
with the Computer Science Department, University of
Milan and senior researcher with Fondazione Bruno
Kessler.

Marco Pernpruner received the BSc degree in infor-

mation and business organisation engineering from
the University of Trento, in 2016, and the MSc degree
in computer science and engineering from the Univer-
sity of Verona, in 2019. He is a student of the PhD
Program in security, risk and vulnerability, jointly
offered by the University of Genoa and Fondazione
Bruno Kessler (Italy). He has also been a visiting PhD
student with King’s College London (UK), in 2022.
His research focuses on digital identity, with a spe-
cialization in the design, security and risk assessment
of multi-factor authentication and fully-remote enrollment procedures.