A Formal Security Analysis of the W3C Web Payment APIs: Attacks and Verification

Huy, Quoc; Hosseyni, Pedram; Küsters, Ralf; Schmitz, Guido; Wenzler, Nils; Würtele, Tim

doi:10.1109/sp46214.2022.9833681

Cited by 5 publications

(3 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Proof. This directly follows from Lemmas E.15 and E.17, and Lemmas E. 16 For a run 𝜌 of a GNAP web system GWS we say that a browser 𝑏 was authenticated to a client instance 𝑐 using an authorization server as and an identity 𝑢 in a GNAP flow identified by a nonce gid in a processing step 𝑄 in 𝜌 with…”

Section: E6 Theoremmentioning

confidence: 97%

“…Our model builds on the Web Infrastructure Model (WIM) of Fett, Küsters, and Schmitz, which was introduced in [23], and has since been extended and improved in later work [16,21,[24][25][26]28].Our analysis is based on a consolidated version of the WIM [29]. We here only give a brief description of the WIM, sufficient to follow the paper, but all details can be found in [29].…”

Section: Wimmentioning

confidence: 99%

“…To date, the WIM is the most detailed and expressive model of Web infrastructure, and as already mentioned, has successfully been used to analyze a variety of protocols, including several in the OAuth family ([21, 26, 28]), as well as Mozilla Browser ID [23,24] and the W3C Web Payment APIs [16]. All of the analyses using the WIM, including ours, rely on manual proofs.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

The Grant Negotiation and Authorization Protocol: Attacking, Fixing, and Verifying an Emerging Standard

Helmschmidt,

Hosseyni,

Küsters

et al. 2024

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

The Grant Negotiation and Authorization Protocol (GNAP) is an emerging authorization and authentication protocol which aims to consolidate and unify several use-cases of OAuth 2.0 and many of its common extensions while providing a higher degree of security. OAuth 2.0 is an essential cornerstone of the security of authorization and authentication for the Web, IoT, and beyond, and is used, among others, by many global players, like Google, Facebook, and Microsoft. Because of historically grown limitations and issues of OAuth 2.0 and its various extensions, prominent members of the OAuth community decided to create GNAP, a new and completely resigned authorization and authentication protocol. Given GNAP's advantages over OAuth 2.0 and its support within the OAuth community, GNAP is expected to become at least as important as OAuth 2.0.In this paper, we present the first formal security analysis of GNAP. We build a detailed formal model of GNAP, based on the Web Infrastructure Model (WIM) of Fett, Küsters, and Schmitz. Based on this model, we provide formal statements of the key security properties of GNAP, namely, authorization, authentication, and session integrity for both authorization and authentication. In the process of trying to prove these properties, we have discovered several attacks on GNAP. We present these attacks as well as modifications to the protocol that prevent them. These modifications have been incorporated into the GNAP specification after discussion with the GNAP working group. We give the first formal security guarantees for GNAP, by proving that GNAP, with our modifications applied, satisfies the mentioned security properties.GNAP was still an early draft when we started our analysis, but is now on track to be adopted as an IETF standard. Hence, our analysis is just in time to help ensure the security of this important emerging standard. 1 start authorization request start authorization request eu-req 2 request access to request access to resource 𝑟 resource 𝑟 grantReq 3 interaction needed interaction needed grantResp 4 push notification push notification interaction-start 5 authentication + authorization of request authentication + authorization of request ro-authn-authz 6 interaction finish notification interaction finish notification interaction-finish 7 continue continue contReq 9 access token AT access token AT contResp 10 resource request using AT resource request using AT resReq 11 token introspection of AT token introspection of AT introReq 12 token is valid token is valid introResp 13 provide access to resource 𝑟 provide access to resource 𝑟 resResp Result Result 1 start grant with AS start grant with AS eu-init-grant 2 start grant with AS start grant with AS att-init-grant 3 grant request for access to 𝑟 grant request for access to 𝑟 grant-req includes redirectUri CI includes redirectUri CI 4 redirectUri AS redirectUri AS as-grant-res 5 redirect to redirectUri AS redirect to redirectUri AS att-grant-res 6 redirect to redirectUri AS redirect to redirectUri AS att-interaction-start ...

show abstract

Section: E6 Theoremmentioning

confidence: 97%