Automatic Verification of Security of OpenID Connect Protocol with ProVerif

Lu, Jintian; Zhang, Jinli; Li, Jing; Wan, Zhongyu; Meng, Bo

doi:10.1007/978-3-319-49109-7_20

Cited by 6 publications

(2 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There have been several studies about security verification of standardized cryptographic protocols with formal methods. ProVerif and CryptoVerif [18] have been used to verify other standardized protocols such as ZRTP [19], SN-MPv3 [20], mutual authentication protocol for GSM [21], LTE [22], OpenID Connect protocol [23], and others. Cremers and Horvat [8] verified 30 key exchange protocols standardized in ISO/IEC 11770-2 [9] and ISO/IEC 11770-3 [10] with automated security verification tool Scyther [11], and found some spoofing attacks.…”

Section: Related Workmentioning

confidence: 99%

Verification of Group Key Management of IEEE 802.21 Using ProVerif

Noguchi

Hanatani

Yoneyama

2021

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Home Energy Management Systems (HEMS) contain devices of multiple manufacturers. Also, a large number of groups of devices must be managed according to several clustering situations. Hence, since it is necessary to establish a common secret group key among group members, the group key management scheme of IEEE 802.21 is used. However, no security verification result by formal methods is known. In this paper, we give the first formal verification result of secrecy and authenticity of the group key management scheme of IEEE 802.21 against insider and outsider attacks using ProVerif, which is an automatic verification tool for cryptographic protocols. As a result, we clarify that a spoofing attack by an insider and a replay attack by an outsider are found for the basic scheme, but these attacks can be prevented by using the scheme with the digital signature option.

show abstract

Section: Related Workmentioning

confidence: 99%

Verification of Group Key Management of IEEE 802.21 Using ProVerif

Noguchi

Hanatani

Yoneyama

2021

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

show abstract

“…There have been several studies about security verification of standardized cryptographic protocols with formal methods. ProVerif and CryptoVerif [17] have been used to verify other standardized protocols such as ZRTP [18], SNMPv3 [19], mutual authentication protocol for GSM [20], LTE [21], OpenID Connect protocol [22], and others. Cremers and Horvat [7] verified 30 key exchange protocols standardized in ISO/IEC 11770-2 [8] and ISO/IEC 11770-3 [9] with automated security verification tool Scyther [10], and found some spoofing attacks.…”

Section: Related Workmentioning

confidence: 99%

Verification of Group Key Management of IEEE 802.21 using ProVerif

Noguchi

Hanatani

Yoneyama

2020

Proceedings of the 7th ACM Workshop on ASIA Public-Key Cryptography

View full text Add to dashboard Cite

Home Energy Management Systems (HEMS) contain devices of multiple manufacturers. Also, a large number of groups of devices must be managed according to several clustering situations. Hence, since it is necessary to establish a common secret group key among group members, the group key management scheme of IEEE 802.21 is used. However, no security verification result by formal methods is known. In this paper, we give the first formal verification result of secrecy and authenticity of the group key management scheme of IEEE 802.21 against insider and outsider attacks using ProVerif, which is an automatic verification tool for cryptographic protocols. As a result, we clarify that a spoofing attack by an insider and a reply attack by an outsider are found for the basic scheme, but these attacks can be prevented by using the scheme with the digital signature option. CCS CONCEPTS • Security and privacy → Logic and verification.

show abstract

Inter‐cloud secure data sharing and its formal verification

Zhang

Yang

et al. 2021

Trans Emerging Tel Tech

Self Cite

View full text Add to dashboard Cite

With the development of cloud computing, data sharing and collaboration have become increasing among cloud‐oriented organizations. In addition to trivial management work, data providers face many difficulties in managing access control policies in cloud data sharing, to prevent permission abuse and information leakage. This article mainly answers the following question: is it possible to achieve verifiably secure inter‐cloud data sharing? This article proposes an inter‐cloud data sharing (ICDS) approach based on ciphertext‐policy attribute‐based encryption (CP‐ABE) to ensure the security of ICDS. The security properties that ICDS holds are formally verified, where the information flow rules are defined and used in the verification. The information flow of the proposed ICDS is firstly modeled by use of high‐level Petri nets (HLPN) formally, then being represented in Z language, and at last the security properties of ICDS are verified by the Z3 solver. The formal analysis proves that the ICDS holds the security properties of confidentiality, authenticity, and collusion‐resistance.

show abstract

Automatic Verification of Security of OpenID Connect Protocol with ProVerif

Cited by 6 publications

References 9 publications

Verification of Group Key Management of IEEE 802.21 Using ProVerif

Verification of Group Key Management of IEEE 802.21 Using ProVerif

Verification of Group Key Management of IEEE 802.21 using ProVerif

Inter‐cloud secure data sharing and its formal verification

Contact Info

Product

Resources

About