Formal Security Analysis of OpenID with GBA Protocol

The paper presents the formal security analysis of 3GPP standardized OpenID with Generic Bootstrapping Architecture protocol which allows phone users to use OpenID services based on SIM credentials. We have used an automatic protocol analyzer to prove key security properties of the protocol. Additionally, we have analyzed robustness of the protocol under several network attacks and different threat models (e.g., compromised OP, user entity). The result shows the protocol is secure against key security properties under specific security settings and trust assumptions.

[1]  Rachna Dhamija,et al.  The Seven Flaws of Identity Management: Usability and Security Challenges , 2008, IEEE Security & Privacy.

[2]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[3]  Norbert Pohlmann,et al.  Security Analysis of OpenID, followed by a Reference Implementation of an nPA-based OpenID Provider , 2010, ISSE.

[4]  S. J. Knapskog,et al.  Identity and Privacy in the Internet Age , 2009 .

[5]  Manuel Urueña,et al.  Analysis of a Privacy Vulnerability in the OpenID Authentication Protocol , 2010 .

[6]  Bogdan Warinschi,et al.  A Modular Security Analysis of the TLS Handshake Protocol , 2008, ASIACRYPT.

[7]  Jörg Schwenk,et al.  Security Analysis of OpenID , 2010, Sicherheit.

[8]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[9]  Peeter Laud,et al.  Formal Analysis of the Estonian Mobile-ID Protocol , 2009, NordSec.

[10]  Drummond Reed,et al.  OpenID 2.0: a platform for user-centric identity management , 2006, DIM '06.

[11]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[12]  Valtteri Niemi,et al.  Cellular Authentication for Mobile and Internet Services , 2008 .

[13]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .

[14]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.1 , 2006, RFC.

[15]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[16]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[17]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[18]  Neal Koblitz,et al.  Advances in Cryptology — CRYPTO ’96 , 2001, Lecture Notes in Computer Science.

[19]  Josef Pieprzyk,et al.  Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008. Proceedings , 2008, ASIACRYPT.

[20]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[21]  Jari Arkko,et al.  Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) , 2002, RFC.

[22]  Ahmad-Reza Sadeghi,et al.  Universally Composable Security Analysis of TLS , 2008, ProvSec.

[23]  Lawrence C. Stewart,et al.  An Extension to HTTP : Digest Access Authentication , 1997, RFC.