
Table 1. Mapping between assumptions (Asm(s) for short) and formal specification.

From: Design, Formal Specification and Analysis of Multi-Factor Authentication Solutions with a Single Sign-On Experience

| Asm | Formal specification: Specification of Asm | Formal specification: Removal of Asm |
| --- | --- | --- |
| TA | We do not consider sessions with i playing the role of \( ADC \) | add sessions with i playing the role of \( ADC \) |
| ComA1 | `link(T2O,O2T);` | delete `link(T2O,O2T);` |
| ComA2 | `authentic_on(T2O,TreC);` and DB Keyhash | delete `authentic_on(T2O,TreC);` |
| ComA3 | `confidential_to(O2A,ADC);` `weakly_authentic(O2A);` `weakly_confidential(A2O);` `authentic_on(A2O,ADC);` `link(O2A,A2O);` | delete `confidential_to(O2A,ADC);` `weakly_authentic(O2A);` `weakly_confidential(A2O);` `authentic_on(A2O,ADC);` `link(O2A,A2O);` |
| ActivA | Data obtained during the activation phase are nonpublic values shared as parameters between \( Patient \), \( OTP \)-\( PAT \) and \( ADC \) | add `iknows(pinUser);` `iknows(token_IDP);` `iknows({\|seed\|}_pinUser);` in general add all the `iknows(IFactor);` obtained during the activation phase |
| BA1 | “Built-in”: i cannot read the internal state of the other entities | add `iknows(token_IDP);` and `iknows({\|seed\|}_pinUser);` in general add all the iknows(\(IFactor_p\)); |
| BA2 | “Built-in”: i cannot read the internal state of the other entities | add `iknows(pinUser);` in general add all the iknows(\(IFactor_k\)); |
| UBA1 | `confidential_to(P2O,OTP-PAT);` | delete `confidential_to(P2O,OTP-PAT);` |
| UBA2 | `authentic_on(P2O,Patient);` | delete `authentic_on(P2O,Patient);` |