Automatic Verification of Security of OpenID Connect Protocol with ProVerif

被引:5
|
作者
Lu, Jintian [1 ]
Zhang, Jinli [1 ]
Li, Jing [1 ]
Wan, Zhongyu [2 ]
Meng, Bo [1 ]
机构
[1] South Cent Univ Nationalities, Sch Comp, MinYuan Rd 708,HongShan Sect, Wuhan 430074, Hubei, Peoples R China
[2] Jianghan Univ, School Netctr, SanJiaoHu Rd 8,CaiDian Sect, Wuhan 430056, Hubei, Peoples R China
来源
ADVANCES ON P2P, PARALLEL, GRID, CLOUD AND INTERNET COMPUTING | 2017年 / 1卷
关键词
D O I
10.1007/978-3-319-49109-7_20
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Owning to the widely deployment of OpenID Connect protocol in the important applications, in order to provide a strong confidence in its security for the people, in this study, we firstly review OpenID Connect protocol. And then, we use the formal language: Applied PI calculus to model OpenID Connect protocol and provide a security analysis with the automatic tool ProVerif. Finally, we find it does not have the secrecy and have some authentications. We present some approaches to address the security problems in OpenID Connect protocol.
引用
收藏
页码:209 / 220
页数:12
相关论文
共 50 条
  • [31] A Dynamic Federated Identity Management Using OpenID Connect
    Alsadeh, Ahmad
    Yatim, Nasri
    Hassouneh, Yousef
    FUTURE INTERNET, 2022, 14 (11):
  • [32] The security limitations of SSO in OpenID
    Oh, Hyun-Kyung
    Jin, Seung-Hun
    10TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY, VOLS I-III: INNOVATIONS TOWARD FUTURE NETWORKS AND SERVICES, 2008, : 1608 - +
  • [33] Automatic verification of security properties in remote internet voting protocol with applied Pi calculus
    Meng B.
    Huang W.
    Li Z.
    Wang D.
    International Journal of Digital Content Technology and its Applications, 2010, 4 (07)
  • [34] Extending OpenID Connect Towards Mission Critical Applications
    Deeptha, R.
    Mukesh, Rajeswari
    CYBERNETICS AND INFORMATION TECHNOLOGIES, 2018, 18 (03) : 93 - 110
  • [35] Improving OpenID Connect federation's interoperability with web semantics
    Weingartner, Rafael
    Pereira Martins, Pedro Henrique
    Salvadori, Ivan Luiz
    Westphall, Carla Merkle
    Siqueira, Frank
    2017 IEEE/ACS 14TH INTERNATIONAL CONFERENCE ON COMPUTER SYSTEMS AND APPLICATIONS (AICCSA), 2017, : 1269 - 1276
  • [36] Automatic Verification of Simulatability in Security Protocols
    Araragi, Tadashi
    Pereira, Olivier
    FOURTH INTERNATIONAL SYMPOSIUM ON INFORMATION ASSURANCE AND SECURITY, PROCEEDINGS, 2008, : 275 - +
  • [37] Formal automatic verification of security protocols
    Xiao, Meihua
    Xue, Jinyun
    2006 IEEE INTERNATIONAL CONFERENCE ON GRANULAR COMPUTING, 2006, : 566 - +
  • [38] Automatic verification of correspondences for security protocols
    Blanchet, Bruno
    JOURNAL OF COMPUTER SECURITY, 2009, 17 (04) : 363 - 434
  • [39] Methodological Security Verification of a Registration Protocol
    Diaz, Jesus
    Arroyo, David
    Rodriguez, Francisco B.
    INTERNATIONAL JOINT CONFERENCE SOCO'14-CISIS'14-ICEUTE'14, 2014, 299 : 453 - 462
  • [40] Security protocol specification and verification with AnBx
    Bugliesi, Michele
    Calzavara, Stefano
    Modersheim, Sebastian
    Modesti, Paolo
    JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2016, 30 : 46 - 63
12345