Abstract
OpenID Connect protocol is widely used today, and it is one of the newest Single Sign-On protocols in authentication. At present, a lot of people are deeply focused on the researches of the security analysis of it. In this paper, we aimed at analyzing the authentication of OpenID Connect protocol by getting the message term of it through its authentication message flow, then formalizing it with Blanchet calculus in computational model, and finally transforming the model into the syntax of CryptoVerif, generate the CryptoVerif inputs in the form of channels Front-end, and import the syntax into the mechanized tool CryptoVerif to analyze its authentication. The result shows that OpenID Connect protocol has no authentication between the End-User and Authorization Server, Token Endpoint can’t authenticate Client, while Client can authenticate Token Endpoint.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Sakimura N, Bradley J, Jones M, et al. OpenID Connect Core 1.0. (2014-11-08). http://openid.net/specs/openid-connect-core-1_0.html
Hardt D. The OAuth 2.0 Authorization Framework. IETF. RFC 6749. http://tools.ietf.org/html/rfc6749
Siriwardena P. Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE. Apress Media, 2014:181-200
Mladenov V, Mainka C, Krautwald J, et al. On the security of modern Single Sign-On Protocols – OpenID Connect 1.0. eprint arXiv,2015
Xue R, Lei X F. Security Protocol: The soul of information security – The latest research and development of the analysis of security protocol. Proceedings of the Chinese academy of sciences, 2011, 26(3):287-296
Alireza P S, Joao P S. Authentication, authorization and auditing for ubiquitous computing: a survey and vision. DOI: 10.1504/IJSSC.2011.039107:59-67
Xiaoping C, Stephane M. Formally testing the protocol performances. DOI: 10.1504/IJSSC.2015.069197:76-88
Xi S, ZhengTao J, MeiRong Z, Yumin W. Versatile identity-based signatures for authentication in multi-user settings. http://dx.doi.org/10.1504/IJGUC.2014.062905
Yan R, Hongbin W, Jiali D, Liqiong M. Code-based authentication with designated verifier. http://dx.doi.org/10.1504/IJGUC.2016.073779
Danai C, Christopher M. Security challenges in the internet of things. DOI: 10.1504/IJSSC.2015.070945:141-149
Fett D, KĂĽsters R, Schmitz G. A Comprehensive Formal Security Analysis of OAuth 2.0, eprint arXiv, 2016
Li W P, Mitchell C J. Addressing threats to real-world identity management systems, ISSE 2015:251-259
Li W P, Mitchell C J. Analysing the Security of Google’s implementation of OpenID Connect. eprint arXiv, 2015
Mainka C, Mladenov V, Schwenk J. On the security of modern Single Sign-On Protocols – Second-Order Vulnerabilities in OpenID Connect, eprint arXiv, 2016
Blanchet B. A Computationally Sound Mechanized Prover for Security Protocols. IEEE Symposium on Security&Privacy, Oakland, California, May 2006. 140-154
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Zhang, J., Lu, J., Wan, Z., Li, J., Meng, B. (2017). Security Analysis of OpenID Connect Protocol with Cryptoverif in the Computational Model. In: Xhafa, F., Barolli, L., Amato, F. (eds) Advances on P2P, Parallel, Grid, Cloud and Internet Computing. 3PGCIC 2016. Lecture Notes on Data Engineering and Communications Technologies, vol 1. Springer, Cham. https://doi.org/10.1007/978-3-319-49109-7_90
Download citation
DOI: https://doi.org/10.1007/978-3-319-49109-7_90
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49108-0
Online ISBN: 978-3-319-49109-7
eBook Packages: EngineeringEngineering (R0)