FRACTAL: Single-Channel Multi-factor Transaction Authentication Through a Compromised Terminal

Savio Sciancalepore, Simone Raponi, Daniele Caldarola, Roberto Di Pietro

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations


Multi-Factor Authentication (MFA) schemes currently used for verifying the authenticity of Internet banking transactions rely either on dedicated devices (namely, tokens) or on out-of-band channels—typically, the mobile cellular network. However, when both the dedicated devices and the additional channel are not available and the Primary Authentication Terminal (PAT) is compromised, MFA schemes cannot reliably guarantee transaction authenticity. The afore-mentioned situation is typical, e.g., offshore or on-board of aircraft, when only few untrusted terminals have Internet connection. In this paper, we present FRACTAL, a new scheme providing single-channel transaction MFA through general-purpose additional authentication terminals. Moreover, the proposed solution is also resilient against a potentially-compromised PAT. FRACTAL easily scales up as per the number of multiple authentication factors, and it is extensible beyond the banking scenario, e.g., to unattended and constrained scenarios, by integrating also Internet of Things (IoT) devices as additional authentication terminals. Other than enjoying a formal verification of its security properties via ProVerif, FRACTAL is also supported by an extensive experimental performance assessment. Our real-world Proof-of-Concept scenarios, implemented using Spring micro-services, show that FRACTAL can complete a transaction in about 2 s, independently from the remote server location. The flexibility of use, the guaranteed security, and the striking performance, characterize FRACTAL as a solution with an expected high potential impact in the authentication field, for both Industry and Academia.
Original languageEnglish (US)
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
PublisherSpringer Science and Business Media Deutschland GmbH
Number of pages17
ISBN (Print)9783031157769
StatePublished - Jan 1 2022
Externally publishedYes


Dive into the research topics of 'FRACTAL: Single-Channel Multi-factor Transaction Authentication Through a Compromised Terminal'. Together they form a unique fingerprint.

Cite this