Security and Privacy in Mobile Information and Communication Systems. Third International ICST Conference, MobiSec 2011, Aalborg, Denmark, May 17-19, 2011, Revised Selected Papers

Research Article

Formal Security Analysis of OpenID with GBA Protocol

  • @INPROCEEDINGS{10.1007/978-3-642-30244-2_10,
        author={Abu Ahmed and Peeter Laud},
        title={Formal Security Analysis of OpenID with GBA Protocol},
        proceedings={Security and Privacy in Mobile Information and Communication Systems. Third International ICST Conference, MobiSec 2011, Aalborg, Denmark, May 17-19, 2011, Revised Selected Papers},
        proceedings_a={MOBISEC},
        year={2012},
        month={10},
        keywords={},
        doi={10.1007/978-3-642-30244-2_10}
    }
    
  • Abu Ahmed
    Peeter Laud
    Year: 2012
    Formal Security Analysis of OpenID with GBA Protocol
    MOBISEC
    Springer
    DOI: 10.1007/978-3-642-30244-2_10
Abu Ahmed (1), Peeter Laud
  • 1: Ericsson Research

Abstract

The paper presents a formal security analysis of the 3GPP-standardized OpenID with Generic Bootstrapping Architecture (GBA) protocol, which allows phone users to use OpenID services based on SIM credentials. We have used an automatic protocol analyzer to prove key security properties of the protocol. Additionally, we have analyzed the robustness of the protocol under several network attacks and different threat models (e.g., compromised OP, user entity). The result shows that the protocol is secure with respect to key security properties under specific security settings and trust assumptions.