Automatic Verification of Security of OpenID Connect Protocol with ProVerif

Cited by: 5
Authors
Lu, Jintian [1]
Zhang, Jinli [1]
Li, Jing [1]
Wan, Zhongyu [2]
Meng, Bo [1]
Affiliations
[1] South Cent Univ Nationalities, Sch Comp, MinYuan Rd 708,HongShan Sect, Wuhan 430074, Hubei, Peoples R China
[2] Jianghan Univ, School Netctr, SanJiaoHu Rd 8,CaiDian Sect, Wuhan 430056, Hubei, Peoples R China
Keywords
DOI
10.1007/978-3-319-49109-7_20
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
Owing to the wide deployment of the OpenID Connect protocol in important applications, and in order to provide strong confidence in its security, in this study we first review the OpenID Connect protocol. We then use the formal language Applied PI calculus to model the OpenID Connect protocol and provide a security analysis with the automatic tool ProVerif. Finally, we find that it does not have secrecy and has some authentications. We present some approaches to address the security problems in the OpenID Connect protocol.
Pages: 209 - 220
Number of pages: 12
Related papers
50 in total
  • [1] Security Analysis of OpenID Connect Protocol with Cryptoverif in the Computational Model
    Zhang, Jinli
    Lu, Jintian
    Wan, Zhongyu
    Li, Jing
    Meng, Bo
    ADVANCES ON P2P, PARALLEL, GRID, CLOUD AND INTERNET COMPUTING, 2017, 1 : 925 - 934
  • [2] Automatic Verification of Security Protocols in the Symbolic Model: The Verifier Proverif
    Blanchet, Bruno (Bruno.Blanchet@inria.fr), 1600, Springer Verlag (8604):
  • [3] Combining ProVerif and Automated Theorem Provers for Security Protocol Verification
    Li, Di Long
    Tiu, Alwen
    AUTOMATED DEDUCTION, CADE 27, 2019, 11716 : 354 - 365
  • [4] Security analysis of the OpenID Connect protocol integration with an OpenStack cloud using an external IdP
    Batista, Glauber Cassiano
    Miers, Charles Christian
    PROCEEDINGS OF THE 2016 XLII LATIN AMERICAN COMPUTING CONFERENCE (CLEI), 2016,
  • [5] Automatic analyzer for security protocol verification
    Li, Xie-Hua
    Yang, Shu-Tang
    Li, Jian-Hua
    Zhu, Hong-Wen
    WMSCI 2006: 10TH WORLD MULTI-CONFERENCE ON SYSTEMICS, CYBERNETICS AND INFORMATICS, VOL II, PROCEEDINGS, 2006, : 104 - 109
  • [6] Formal Verification of Security Protocols: ProVerif and Extensions
    Yao, Jiangyuan
    Xu, Chunxiang
    Li, Deshun
    Lin, Shengjun
    Cao, Xingcan
    ARTIFICIAL INTELLIGENCE AND SECURITY, ICAIS 2022, PT II, 2022, 13339 : 500 - 512
  • [7] SoK: Single Sign-On Security - An Evaluation of OpenID Connect
    Mainka, Christian
    Mladenov, Vladislav
    Schwenk, Joerg
    Wich, Tobias
    2017 IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY (EUROS&P), 2017, : 251 - 266
  • [8] Using externals IdPs on OpenStack: A security analysis of OpenID Connect, Facebook Connect, and OpenStack authentication
    Batista, Glauber C.
    Pillon, Mauricio A.
    Koslovski, Guilherme P.
    Miers, Charles C.
    Gonzalez, Nelson Mimura
    Simplicio, Marcos A., Jr.
    PROCEEDINGS 2018 IEEE 32ND INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS (AINA), 2018, : 920 - 927
  • [9] OAuthGuard: Protecting User Security and Privacy with OAuth 2.0 and OpenID Connect
    Li, Wanpeng
    Mitchell, Chris J.
    Chen, Thomas
    PROCEEDINGS OF THE 5TH ACM WORKSHOP ON SECURITY STANDARDISATION RESEARCH WORKSHOP (SSR '19), 2019, : 35 - 44
  • [10] The Web SSO Standard OpenID Connect: In-Depth Formal Security Analysis and Security Guidelines
    Fett, Daniel
    Kuesters, Ralf
    Schmitz, Guido
    2017 IEEE 30TH COMPUTER SECURITY FOUNDATIONS SYMPOSIUM (CSF), 2017, : 189 - 202