Abstract
Because accessing a system through an authentication process can expose a user's privacy, many studies have analyzed existing protocols in order to develop new methods that are based on biometrics or that use extra devices to add more layers of security to the authentication process. For a few years, the idea of combining "something you know" with "something you have" and a "personal authentication device (PAD)" has become common in verification protocols. Very recently, a more secure PAD, namely the Offline Personal Authentication Device (OffPAD), has been invented to serve the authentication process. This single device, the OffPAD, can be used to manage the identities of both users and service providers, as well as to support the authentication process, while being offline most of the time. In this paper, a rigorous vulnerability analysis of the OffPAD-based authentication technique is conducted by means of attack tree analysis. Finally, a mitigation technique is proposed for the vulnerabilities.