A Formal Verification of a Reputation Multi-Factor Authentication Mechanism for Constrained Devices and Low-Power Wide-Area Network Using Temporal Logic.

There are many security challenges in IoT, especially related to the authentication of restricted devices in long-distance and low-throughput networks. Problems such as impersonation, privacy issues, and excessive battery usage are some of the existing problems evaluated through the threat modeling of this work. A formal assessment of security solutions for their compliance in addressing such threats is desirable. Although several works address the verification of security protocols, verifying the security of components and their non-locking has been little explored. This work proposes to analyze the design-time security of the components of a multi-factor authentication mechanism with a reputation regarding security requirements that go beyond encryption or secrecy in data transmission. As a result, it was observed through temporal logic that the mechanism is deadlock-free and meets the requirements established in this work. Although it is not a work aimed at modeling the security mechanism, this document provides the necessary details for a better understanding of the mechanism and, consequently, the process of formal verification of its security properties.

Autenticação multi-fator para telemedicina usando dispositivos móveis e senhas descartáveis / Multi-factor authentication for telemedicine using mobile devices and one-time passwords / Autenticación multi-factor para telemedicina utilizando dispositivos móviles y contraseñas desechables

Sistemas de telemedicina necessitam de serviços de autenticação fortes para garantir o sigilo e a privacidade dos dados e, ao mesmo tempo flexíveis para atender as necessidades de profissionais e pacientes. O foco deste trabalho é a validação de um novo processo de autenticação. Propomos um serviço de autenticação voltado à telemedicina baseado em tecnologias de web services. Este serviço faz uso de métodos de autenticação escaláveis e baseados em duplo fator. Uma de suas principais características é a flexibilidade na configuração dinâmica dos mecanismos de autenticação. Neste trabalho apresentamos brevemente a engenharia de requisitos do sistema de segurança e alguns detalhes da sua implementação. Também apresentamos resultados de um primeiro estudo de validação com usuários.

Telemedicine systems require authentication services that are strong enough to ensure confidentiality and privacy of data and, at the same time, flexible to meet the needs of professionals and patients. The focus of this paper isthe validations of a new authentication process. We propose an authentication service for telemedicine based on web services. This service employs scalable authentication methods based upon a dual authentication factor. One of its main characteristics is flexibility in the dynamic configuration of the authentication mechanisms. In this paper we dealbriefly with the requirements engineering of the security system and some details of its implementation. We also presentthe results of a first validation study with users.