Adversary Models for Mobile Device Authentication
This work addresses the need for stronger, comparable security assessments in mobile device authentication, although it is incremental in that it builds on existing threat modeling approaches.
The authors tackled the problem of weak adversary models in mobile device authentication by introducing a new classification of adversaries and applying it to a literature survey, revealing that most protocols lack comprehensive security analysis.
Mobile device authentication has been a highly active research topic for over 10 years, with a vast range of methods having been proposed and analyzed. In related areas such as secure channel protocols, remote authentication, or desktop user authentication, strong, systematic, and increasingly formal threat models have already been established and are used to qualitatively and quantitatively compare different methods. Unfortunately, the analysis of mobile device authentication is often based on weak adversary models, suggesting overly optimistic results on their respective security. In this article, we first introduce a new classification of adversaries to better analyze and compare mobile device authentication methods. We then apply this classification to a systematic literature survey. The survey shows that security is still an afterthought and that most proposed protocols lack a comprehensive security analysis. Our proposed classification of adversaries provides a strong uniform adversary model that can offer a comparable and transparent classification of security properties in mobile device authentication methods.