
Modeling and Security Evaluation of Authentication Flows (Modélisation et évaluation de la sécurité des parcours d'authentification)

Youssou Ndiaye
Abstract: Software applications are ubiquitous in our daily lives. A single application may run on several platforms (e.g., Web, mobile, gaming console) and be accessible from all of them simultaneously. Although this heterogeneity improves usability from the end user's perspective, it makes applications harder to maintain as they evolve, especially when it comes to verifying the end user's identity and authenticity. Approved standards and protocols provide means to establish the end user's identity. Nevertheless, they fail to consider the risks introduced by factors of this heterogeneous context, such as the execution environment, usability choices, design errors and end-user behaviour. This thesis provides tools and approaches that allow designers to improve the security design of their applications while taking elements of the real-life context into account. This approach requires identifying the main assets to protect, the risks and the threats. Our approach targets Web and mobile applications, and we focus on the end user's authentication procedure, since it is vital for preventing unauthorized access to the legitimate user's resources. These authentication procedures, while relying on approved authentication schemes, largely lack formal specification during the design phase. First, we investigate the impact of the heterogeneous elements on the authentication procedure. From this, we identify the relevant flaws, which we characterize and define as logic flaws. To counter these flaws, we provide a set of requirements that aim to address them during the design phase. Second, to overcome the lack of formal specification of the authentication procedure during the design phase, we provide a Domain-Specific Language (DSL). This dedicated language implements the abstractions of a risk assessment framework that we also provide. The DSL allows existing authentication schemes to be extended while considering real-life contexts. Then, from a given specification, it produces the result of the risk assessment for the identified logic attacks.

Cited literature: 199 references
Contributor: ABES STAR
Submitted on: Tuesday, August 25, 2020 - 11:03:11 AM
Last modification on: Friday, August 5, 2022 - 2:54:52 PM
Long-term archiving on: Tuesday, December 1, 2020 - 7:04:37 AM


Version validated by the jury (STAR)


  • HAL Id: tel-02921435, version 1


Youssou Ndiaye. Modélisation et évaluation de la sécurité des parcours d'authentification. Cryptographie et sécurité [cs.CR]. Université Rennes 1, 2019. Français. ⟨NNT : 2019REN1S076⟩. ⟨tel-02921435⟩


