Automatic Verification of Security of OpenID Connect Protocol with ProVerif

Cited by: 5
Authors
Lu, Jintian [1]
Zhang, Jinli [1]
Li, Jing [1]
Wan, Zhongyu [2]
Meng, Bo [1]
Affiliations
[1] South Cent Univ Nationalities, Sch Comp, MinYuan Rd 708,HongShan Sect, Wuhan 430074, Hubei, Peoples R China
[2] Jianghan Univ, School Netctr, SanJiaoHu Rd 8,CaiDian Sect, Wuhan 430056, Hubei, Peoples R China
Keywords
DOI
10.1007/978-3-319-49109-7_20
Chinese Library Classification
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Owing to the wide deployment of the OpenID Connect protocol in important applications, and in order to provide people with strong confidence in its security, in this study we first review the OpenID Connect protocol. We then use the formal language applied pi calculus to model the OpenID Connect protocol and provide a security analysis with the automatic tool ProVerif. Finally, we find that it does not have secrecy and has some authentications. We present some approaches to address the security problems in the OpenID Connect protocol.
Pages: 209-220
Number of pages: 12
Related papers
50 in total
  • [21] Formal Verification of Divide and Conquer Key Distribution Protocol Using ProVerif and TLA+
    Dewoprabowo, Ridhwan
    Arzaki, Muhammad
    Rusmawati, Yanti
    2018 INTERNATIONAL CONFERENCE ON ADVANCED COMPUTER SCIENCE AND INFORMATION SYSTEMS (ICACSIS), 2018, : 451 - 458
  • [22] How Securely Are OAuth/OpenID Connect Implemented in Japan?
    Saito, Takamichi
    Kikuta, Tsubasa
    Koshiba, Rikita
    ADVANCES ON BROAD-BAND WIRELESS COMPUTING, COMMUNICATION AND APPLICATIONS, 2020, 97 : 800 - 811
  • [23] Smart OpenID: A Smart Card Based OpenID Protocol
    Leicher, Andreas
    Schmidt, Andreas U.
    Shah, Yogendra
    INFORMATION SECURITY AND PRIVACY RESEARCH, 2012, 376 : 75 - 86
  • [24] User Access Privacy in OAuth 2.0 and OpenID Connect
    Li, Wanpeng
    Mitchell, Chris J.
    2020 IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (EUROS&PW 2020), 2020, : 664 - 672
  • [25] Abstractions for security protocol verification
    Binh Thanh Nguyen
    Sprenger, Christoph
    Cremers, Cas
    JOURNAL OF COMPUTER SECURITY, 2018, 26 (04) : 459 - 508
  • [26] Analyzing Privacy Implications and Security Vulnerabilities in Single Sign-On Systems: A Case Study on OpenID Connect
    Al Shabi, Mohammed
    Marie, Rashiq Rafiq
    INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2024, 15 (04) : 637 - 646
  • [27] Abstractions for security protocol verification
    Nguyen, Binh Thanh
    Sprenger, Christoph
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2015, 9036 : 196 - 215
  • [28] Mobile Personal Identity Provider Based on OpenID Connect
    Lo Iacono, Luigi
    Gruschka, Nils
    Nehren, Peter
    TRUST, PRIVACY AND SECURITY IN DIGITAL BUSINESS, TRUSTBUS 2017, 2017, 10442 : 19 - 31
  • [29] POSIX access to remote storage via OpenID Connect
    Fornari, Federico
    Alkhansa, Ahmad
    Costantini, Alessandro
    Pellegrino, Carmelo
    Salomoni, Davide
    26TH INTERNATIONAL CONFERENCE ON COMPUTING IN HIGH ENERGY AND NUCLEAR PHYSICS, CHEP 2023, 2024, 295
  • [30] Performance Evaluation of OpenID Connect for an IoT Information Marketplace
    Blazquez, Alberto
    Tsiatsis, Vlasios
    Vandikas, Konstantinos
    2015 IEEE 81ST VEHICULAR TECHNOLOGY CONFERENCE (VTC SPRING), 2015,