Automatic Verification of Security of Identity Federation Security Protocol Based on SAML2.0 with ProVerif in the Symbolic Model

In recent years, several Identity Federation security protocols have been introduced to enhance the security of identity authentication. Owing to their complexity, assessing the security of Identity Federation security protocols has become a hot issue. Hence, in this study, we first review the development of formal methods for the Identity Federation Security Protocol based on SAML. Then, an Identity Federation Security Protocol based on SAML is formalized in the applied pi calculus. After that, the formal model is translated into the input of ProVerif. Finally, we run ProVerif to analyze the security properties of the Identity Federation Security Protocol based on SAML. The result shows that it does not have secrecy, but it does have some authentication properties. We also present a solution to address the security problems.
