Formalising Identity Management Protocols

Ferdous, M. S. and Poet, R. (2017) Formalising Identity Management Protocols. In: 2016 14th Annual Conference on Privacy, Security and Trust (PST), Auckland, New Zealand, 12-14 Dec 2016, pp. 137-146. ISBN 9781509043798 (doi: 10.1109/PST.2016.7906948)


Abstract

In this paper we present the formalisation of three well-known Identity Management protocols - SAML, OpenID and OAuth. The formalisation consists of two steps: formal specification using HLPSL (High-Level Protocol Specification Language) and formal verification using a state-of-the-art verification tool for security protocols called AVISPA (Automated Validation of Internet Security Protocols and Applications). The existing formalisation initiatives using AVISPA are based on SAML and OpenID, leaving out OAuth entirely, even though OAuth is one of the most widely-used Internet protocols. Furthermore, the motivation of the existing initiatives was to identify any weakness. In this paper, we have taken the opposite approach, as we are keen to present how to model these protocols correctly. Moreover, our formalisation is based on a model of identity and also captures the authentication mechanism; both of these are missing in the existing works.

Item Type: Conference Proceedings
Status: Published
Refereed: Yes
Glasgow Author(s) Enlighten ID: Ferdous, Mr MD SADEK and Poet, Dr Ron
Authors: Ferdous, M. S., and Poet, R.
College/School: College of Science and Engineering > School of Computing Science
ISBN: 9781509043798
Published Online: 24 April 2017
Copyright Holders: Copyright © 2016 IEEE
First Published: First published in 2016 14th Annual Conference on Privacy, Security and Trust (PST): 137-146
Publisher Policy: Reproduced in accordance with the publisher copyright policy
