Conference Paper

Formalising Identity Management Protocols


Abstract

In this paper we present the formalisation of three well-known Identity Management protocols - SAML, OpenID and OAuth. The formalisation consists of two steps: formal specification using HLPSL (High-Level Protocol Specification Language) and formal verification using a state-of-the-art verification tool for security protocols called AVISPA (Automated Validation of Internet Security Protocols and Applications). The existing formalisation initiatives using AVISPA are based on SAML and OpenID, leaving out OAuth entirely, even though OAuth is one of the most widely-used Internet protocols. Furthermore, the motivation of the existing initiatives was to identify any weakness. In this paper, we have taken an opposite approach as we are keen to present how to model these protocols correctly. Moreover, our formalisation is based on a model of identity and also captures the authentication mechanism; both of these are missing in the existing works.


... The formalized identity of an entity e is: $I_e = \bigcup_j I_e^j$. Here, the identity of entity e, denoted as $I_e$, is the union of all partial identities (denoted as $I_e^j$) of e. Similar to the concept of [14], Ferdous and Poet [15] represent identity as a set of partial identities and they formalize the partial identity and identity as follows: for a domain (d), the partial identity of a user (u), where $u \in U_d$ within d, can be denoted as $parIdent_d^u = \{(a, v) \mid a \in A_d,\ atEntToVal_d(a, u) \text{ is defined and equals } v\}$, where $U_d$ denotes a set of users, a is a single attribute of u, and v is the value of a. The notation $atEntToVal_d$ is represented as a function of attribute-value pair of an entity in domain d. ...
... In specifying a formal model of IoT identity we follow the approaches discussed in [14], [15] and [26]. The model has the following components: E, A, V, Cnt, PId and Id (sets of entity, sets of attribute, sets of attribute value, sets of context, sets of partial identity and sets of identity respectively). ...
... Using ProVerif, we will analyse if the protocol of the developed system satisfies the secrecy as well as authentication goals. The secrecy goals check if a secret value truly remains secret while being transmitted between two entities [21]. On the other hand, the authentication goals check the authenticity of two entities while data are being transmitted between them. ...
Article
Full-text available
Federated Identity Management offers numerous economic benefits and convenience to Service Providers and users alike. In such federations, the Identity Provider (IdP) is the solitary entity responsible for managing user credentials and generating assertions for the users, who are requesting access to a service provider’s resource. This makes the IdP centralised and exhibits a single point of failure for the federation, making the federation prone to catastrophic damages. The paper presents our effort in designing and implementing a decentralised system in establishing an identity federation. In its attempt to decentralise the IdP in the federation, the proposed system relies on blockchain technology, thereby, mitigating the single point of failure shortcoming of existing identity federations and is designed using a set of requirements. In this article, we explore different aspects of designing and developing the system, present its protocol flow, analyse its performance, and evaluate its security using ProVerif, a state-of-the-art formal protocol verification tool.
... Using ProVerif, we will analyse if the protocol of the developed system satisfies the secrecy as well as authentication goals. The secrecy goals check if a secret value truly remains secret while being transmitted between two entities [20]. On the other hand, the authentication goals check the authenticity of two entities while data are being transmitted between them. ...
Preprint
Federated Identity Management has proven its worth by offering economic benefits and convenience to Service Providers and users alike. In such federations, the Identity Provider (IdP) is the solitary entity responsible for managing user credentials and generating assertions for the users, who are requesting access to a service provider's resource. This makes the IdP centralised and exhibits a single point of failure for the federation, making the federation prone to catastrophic damages. The paper presents our effort in designing and implementing a decentralised system in establishing an identity federation. In its attempt to decentralise the IdP in the federation, the proposed system relies on blockchain technology, thereby mitigating the single point of failure shortcoming of existing identity federations. The system is designed using a set of requirements. In this article, we explore different aspects of designing and developing the system, present its protocol flow, analyse its performance, and evaluate its security using ProVerif, a state-of-the-art formal protocol verification tool.
... AVISPA is a popular security protocol verifier which uses mathematical logic to analyze the security properties of a given protocol. Researchers have used this tool to model and analyze popular security protocols such as SAML and OpenID [29,30]. In AVISPA, the security protocols are specified using a special specification language called High-Level Protocol Specification Language (HLPSL) [31]. ...
Article
In the past few years, blockchain has proven its necessity and unprecedented prospects in providing a secure environment for information exchange between two parties. The integration of the Internet of Things (IoT) with blockchain has enabled a digital transformation in many areas such as healthcare, supply chain, and financial services. Like blockchain, the programmable Software-Defined Network (SDN) is also achieving popularity due to its ability to reduce network management complexity. It is evident that incorporating SDNs with IoT-based healthcare systems can significantly improve healthcare management services. However, there are a number of challenges such as data confidentiality, user-centric design, integrity and privacy that make it difficult to share sensitive information among different parties in a healthcare system. To overcome these challenges, we propose an architectural framework that incorporates blockchain with Software-Defined Wireless Body Area Networks (SDWBANs) to facilitate secure data sharing. We have also designed and integrated a smart contract based fine-grained access control policy to ensure that only data owners will have full control over their health data. The experimental outcomes show that the proposed model achieves good throughput and incurs a very low overhead in terms of latency compared to traditional cloud-based systems.
... There are other works, as presented in [16,17,18,19], which discuss and present a threat model in lifelogging, mathematical representation of identity and trust issues. Even though they are not strictly related to the scope of current paper, we have drawn motivations on how to model an attack from these works. ...
Article
Full-text available
In this article, we present a model of cyber attacks which can be used to represent a cyber attack in an intuitive and concise way. With ever-increasing popularities of online services, we have seen a growing number of cyber attacks targeted towards large online service providers as well as individuals and the IoT devices. To mitigate these attacks, there is a strong urge to understand their different aspects. Creating a model is a widely used method towards this goal. Unfortunately, the number of models for cyber attacks is pretty low and even the existing models are not comprehensive. In this paper, we aim to fill this gap by presenting a comprehensive cyber attack model. We have used this model to represent a wide range of cyber attacks and shown its applicability and usefulness. We believe that our model will be a useful tool for the formal analysis of cyber attacks.
Chapter
This chapter presents a detailed discussion on modeling and management of identity for the IoT. In a large-scale system like the IoT, it is difficult to predict, in advance, which entities will interact and require access to services and to precisely identify the exact services to which they will seek access. This chapter highlights important questions concerning the nature of identity and identity management for such IoT systems. Further, a formal model of IoT identity covering all its aspects is discussed.
Article
Full-text available
In the last decade or so, we have experienced a tremendous proliferation and popularity of different Social Networks (SNs), resulting in more and more user attributes being stored in such SNs. These attributes represent a valuable asset and many innovative online services are offered in exchange of such attributes. This particular phenomenon has allured these social networks to act as Identity Providers (IdPs). However, the current setting unnecessarily imposes a restriction: a user can only release attributes from one single IdP in a single session, thereby, limiting the user to aggregate attributes from multiple IdPs within the same session. In addition, our analysis suggests that the manner by which attributes are released from these SNs is extremely privacy-invasive and a user has very limited control to exercise her privacy during this process. In this article, we present Social Anchor, a system for attribute aggregation from social networks in a privacy-friendly fashion. Our proposed Social Anchor system effectively addresses both of these serious issues. Apart from the proposal, we have implemented Social Anchor following a set of security and privacy requirements. We have also examined the associated trust issues using a formal trust analysis model. Besides, we have presented a formal analysis of its protocols using a state-of-the-art formal analysis tool called AVISPA to ensure the security of Social Anchor. Finally, we have provided a performance analysis of Social Anchor.
Conference Paper
Full-text available
There exist disparate sets of definitions with different semantics on different topics of Identity Management which often lead to misunderstanding. A few efforts can be found compiling several related vocabularies into a single place to build up a set of definitions based on a common semantic. However, these efforts are not comprehensive and are only textual in nature. In essence, a mathematical model of identity and identity management covering all its aspects is still missing. In this paper we build up a mathematical model of different core topics covering a wide range of vocabularies related to Identity Management. At first we build up a mathematical model of Digital Identity. Then we use the model to analyse different aspects of Identity Management. Finally, we discuss three applications to illustrate the applicability of our approach. Being based on mathematical foundations, the approach can be used to build up a solid understanding on different topics of Identity Management.
Conference Paper
Full-text available
This paper presents a comparative analysis of different attribute aggregation models against a set of requirements in the settings of the Federated Identity Management (FIM). There are several attribute aggregation models currently available which allow the user to collate attributes from multiple identity providers (IdP in short) in a single service. These models impose different novel requirements which have never been analysed before and there lacks a thorough analysis of these models that will compare them side-by-side against a set of requirements. We aim to fill in these gaps in this work. We have formulated a set of trust, functional, security and privacy requirements that are needed for each model and shown the interlink between these requirements. These requirements have been used to compare the models side-by-side in tabular forms which would allow the readers to instantly identify the requirements for each model, the advantages it offers and the weaknesses it has.
Article
Full-text available
A strand is a sequence of events; it represents either the execution of legitimate party in a security protocol or else a sequence of actions by a penetrator. A strand space is a collection of strands, equipped with a graph structure generated by causal interaction. In this framework, protocol correctness claims may be expressed in terms of the connections between strands of different kinds. In this paper we develop the notion of a strand space. We then prove a generally useful lemma, as a sample result giving a general bound on the abilities of the penetrator in any protocol. We apply the strand space formalism to prove the correctness of the Needham-Schroeder-Lowe protocol. Our approach gives a detailed view of the conditions under which the protocol achieves authentication and protects the secrecy of the values exchanged. We also use our proof methods to explain why the original Needham-Schroeder protocol fails. In a report, we have also applied our methods to two other protocols, the Otway-Rees and Yahalom protocols, and have unearthed fine points about the conditions for their validity. We believe that our approach is distinguished from other work on protocol verification by the simplicity of the model and the ease of producing intelligible and reliable proofs of protocol correctness even without automated support.
Article
Full-text available
The SAML V2.0 Assertions and Protocols specification defines the syntax and semantics for XML-encoded assertions about authentication, attributes, and authorization, and for the protocols that convey this information. This document, known as an "errata composite", combines corrections to reported errata with the original specification text. By design, the corrections are limited to clarifications of ambiguous or conflicting specification text. This document shows deletions from the original specification as struck-through text, and additions as colored underlined text. The "[Enn]" designations embedded in the text refer to particular errata and their dispositions.
Conference Paper
Full-text available
AVISPA is a push-button tool for the automated validation of Internet security-sensitive protocols and applications. It provides a modular and expressive formal language for specifying protocols and their security properties, and integrates different back-ends that implement a variety of state-of-the-art automatic analysis techniques. To the best of our knowledge, no other tool exhibits the same level of scope and robustness while enjoying the same performance and scalability.
Article
Full-text available
Most federated identity management systems are limited by users' ability to choose only one identity provider per service session. A proposed linking service lets users securely link their various identity provider (IdP) accounts, enabling the system to aggregate attributes from multiple authoritative sources automatically without requiring users to authenticate separately to each IdP.
Conference Paper
Full-text available
Single-Sign-On (SSO) protocols enable companies to establish a federated environment in which clients sign in the system once and yet are able to access to services offered by different companies. The OASIS Security Assertion Markup Language (SAML) 2.0 Web Browser SSO Profile is the emerging standard in this context. In this paper we provide formal models of the protocol corresponding to one of the most applied use case scenario (the SP-Initiated SSO with Redirect/POST Bindings) and of a variant of the protocol implemented by Google and currently in use by Google's customers (the SAML-based SSO for Google Applications). We have mechanically analysed these formal models with SATMC, a state-of-the-art model checker for security protocols. SATMC has revealed a severe security flaw in the protocol used by Google that allows a dishonest service provider to impersonate a user at another service provider. We have also reproduced this attack in an actual deployment of the SAML-based SSO for Google Applications. This security flaw of the SAML-based SSO for Google Applications was previously unknown.
Conference Paper
Full-text available
To have certainty about identities is crucial for secure communication in digital environments. The number of digital identities that people and organizations need to manage is rapidly increasing, and proper management of these identities is essential for maintaining security in online markets and communities. Traditional Identity Management Systems are designed to facilitate the management of identities from the perspective of the service provider, but provide little support on the user side. The difficulty of managing identities on the user side causes vulnerabilities that open up for serious attacks such as identity theft and Phishing. Petname Systems have been proposed to provide more user friendly and secure identity management on the user side. This paper provides an analysis of the Petname Model by describing its history and background, properties, application domains and usability issues with emphasis on Security Usability. By covering a broad set of aspects, this paper is intended to provide a comprehensive reference for the Petname System.
Conference Paper
Full-text available
A strand is a sequence of events; it represents either the execution of an action by a legitimate party in a security protocol or else a sequence of actions by a penetrator. A strand space is a collection of strands, equipped with a graph structure generated by causal interaction. In this framework, protocol correctness claims may be expressed in terms of the connections between strands of different kinds. In this paper, we develop the notion of a strand space. We then prove a generally useful lemma, as a sample result giving a general bound on the abilities of the penetrator in any protocol. We apply the strand space formalism to prove the correctness of the Needham-Schroeder-Lowe protocol (G. Lowe, 1995, 1996). Our approach gives a detailed view of the conditions under which the protocol achieves authentication and protects the secrecy of the values exchanged. We also use our proof methods to explain why the original Needham-Schroeder (1978) protocol fails. We believe that our approach is distinguished from other work on protocol verification by the simplicity of the model and the ease of producing intelligible and reliable proofs of protocol correctness even without automated support
Article
The temporal logic of actions (TLA) is a logic for specifying and reasoning about concurrent systems. Systems and their properties are represented in the same logic, so the assertion that a system meets its specification and the assertion that one system implements another are both expressed by logical implication. TLA is very simple; its syntax and complete formal semantics are summarized in about a page. Yet, TLA is not just a logician's toy; it is extremely powerful, both in principle and in practice. This report introduces TLA and describes how it is used to specify and verify concurrent algorithms. The use of TLA to specify and reason about open systems will be described elsewhere.
Conference Paper
Digital identities represent who we are when engaging in online activities and transactions. The rapid growth in the number of online services leads to an increasing number of different identities that each user needs to manage. As a result, many people feel overloaded with identities and suffer from password fatigue. This is a serious problem and makes people unable to properly control and protect their digital identities against identity theft. This paper discusses the usability and privacy in online identity management solutions, and proposes a general approach for making users better able to control and manage their digital identities, as well as for creating more secure identity management solutions. More specifically, we propose a user-centric approach based on hardware and software technology on the user-side with the aim of assisting users when accessing online services.
Conference Paper
Authentication protocols are the basis of security in many distributed systems, and it is therefore essential to ensure that these protocols function correctly. Unfortunately, their design has been extremely error prone. Most of the protocols found in the literature contain redundancies or security flaws. A simple logic has allowed us to describe the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of communication. We have been able to explain a variety of authentication protocols formally, to discover subtleties and errors in them, and to suggest improvements. In this paper we present the logic and then give the results of our analysis of four published protocols, chosen either because of their practical importance or because they serve to illustrate our method.
Article
Authentication protocols are the basis of security in many distributed systems, and it is therefore essential to ensure that these protocols function correctly. Unfortunately, their design has been extremely error prone. Most of the protocols found in the literature contain redundancies or security flaws. A simple logic has allowed us to describe the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of communication. We have been able to explain a variety of authentication protocols formally, to discover subtleties and errors in them, and to suggest improvements. In this paper, we present the logic and then give the results of our analysis of four published protocols, chosen either because of their practical importance or because they serve to illustrate our method.
State,N5 : nat, ID,UName,URI : text, KU : public_key, A : text set
const rs_rp_profile,rp_rs_n5,u_rp_resource,app_rp_authzresp : protocol_id
init
  State:=1
transition

AuthZReq,AuthZResp : message)
Lindholm, A. Security evaluation of the OpenID protocol. MSc. Thesis, KTH. Accessed on 1 June, 2016.
/\ application(U,RP,AS,APP,RS,KU,KRP,KAS,KAPP,KRS,SAPPU,RAPPU,SAPPRP,RAPPRP,SAPPAS,RAPPAS,SAPPRS,RAPPRS,AccessToken,AuthZGrant,PROFILE,AuthZReq,AuthZResp)
end role

role enviroment()
def=
  const u_as_n1,u_as_n3,u_as_uname,u_as_pass,u_as_authzgrant,rs_rp_profile,rp_rs_n4,u_rp_resource,
        as_rs_accesstoken,as_rs_n4,rp_rs_n5,app_rp_authzresp: protocol_id,
        u,as,rp,rs,app: agent,
        ku,kas,krp,krs,kapp,ki: public_key,
        resource,authzgrant,profile,accesstoken : hash_func,
        authzreq,authzresp : message
  intruder_knowledge={u,rp,krp,ki,inv(ki),as,kas,rs,krs,resource}
  composition
    session(u,as,i,app,rs,ku,kas,ki,kapp,krs,resource,authzgrant,profile,accesstoken,authzreq,authzresp)
OASIS Standard. Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. 15
Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., Drielsma, P. H., Héam, P., Kouchnarenko, O., Mantovani, J. and others. The AVISPA tool for the automated validation of internet security protocols and applications. In International Conference on Computer Aided Verification, pages 281-285, 2005.
Sun, S. Towards improving the usability and security of Web single sign-on systems. PhD. Thesis, University of British Columbia, 2013. Accessed on 1 June, 2016. https://open.library.ubc.ca/cIRcle/collections/ubctheses/24/items/1.0103287.
Ferdous, M.S., Jøsang, A., Singh, K. and Borgaonkar, R. Security Usability of Petname Systems. In NordSec'09, volume 5838 of LNCS, pages 44-59, Springer, 2009.
N5'}_inv(KRS).ID'}_KRP}_KAPP)
/\ request(AS,RS,as_rs_accesstoken,AccessToken)
/\ secret(AccessToken,as_rs_accesstoken,{AS,RS})
/\ witness(RS,RP, rs_rp_profile,PROFILE)
/\ request(RS,AS,as_rs_n4,N4')
/\ witness(RS,RP,rp_rs_n5,N5')

application (U,RP,AS,APP,RS : agent, KU,KRP,KAS,KAPP,KRS : public_key, SU,RU,SRP,RRP,SAS,RAS,SRS,RRS : channel(dy), AccessToken,AuthZGrant,PROFILE : hash_func, AuthZReq,AuthZResp : message)
State=16 /\ RRS({RS.APP.RP.{RP.{PROFILE(A').N5'}_inv(RS).ID'}_KRP}_KAPP) =|>
State':=18 /\ SRP({APP.RP.{AuthZResp({RP.{PROFILE(A').N5'}_inv(KRS).ID'}_KRP )}_inv(KAPP)}_KRP)
           /\ witness(APP,RP,app_rp_authzresp,AuthZResp)

session (U,AS,RP,APP,RS : agent, KU,KAS,KRP,KAPP,KRS : public_key, Resource,AuthZGrant,PROFILE,AccessToken : hash_func,