Automatic Verification of Security of OpenID Connect Protocol with ProVerif

  • Conference paper
Advances on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC 2016)

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies (LNDECT, volume 1)

Abstract

Owing to the wide deployment of the OpenID Connect protocol in important applications, and in order to give people strong confidence in its security, in this study we first review the OpenID Connect protocol. We then use a formal language, the applied pi calculus, to model the OpenID Connect protocol and provide a security analysis with the automatic tool ProVerif. Finally, we find that it does not have secrecy and has some authentications. We present some approaches to address the security problems in the OpenID Connect protocol.

Corresponding author

Correspondence to Bo Meng.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Lu, J., Zhang, J., Li, J., Wan, Z., Meng, B. (2017). Automatic Verification of Security of OpenID Connect Protocol with ProVerif. In: Xhafa, F., Barolli, L., Amato, F. (eds) Advances on P2P, Parallel, Grid, Cloud and Internet Computing. 3PGCIC 2016. Lecture Notes on Data Engineering and Communications Technologies, vol 1. Springer, Cham. https://doi.org/10.1007/978-3-319-49109-7_20

  • DOI: https://doi.org/10.1007/978-3-319-49109-7_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-49108-0

  • Online ISBN: 978-3-319-49109-7

  • eBook Packages: Engineering, Engineering (R0)
