Improving Privacy of OpenID Cloud Identity Management Framework: Formal Analysis, Verification of Protocol

Roshni Bhandari; Dhiren Patel; Brijesh A. Bhandari

Call for Paper

January Edition

IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper

Know more

The week's pick

Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen

Random Articles

Object Detection System using Arduino and Android Application for Visually Impaired People

Sep

2018

Geometric Mean based Algorithm for Prioritizing Processors on Cloud Environment

June

2015

A COBIT5 Framework for IoT Risk Management

Jul

2017

Texture based Emotion Recognition from Facial Expressions using Support Vector Machine

October

2013

Reseach Article

Improving Privacy of OpenID Cloud Identity Management Framework: Formal Analysis, Verification of Protocol

by Roshni Bhandari, Dhiren Patel, Brijesh A. Bhandari

International Journal of Computer Applications

Foundation of Computer Science (FCS), NY, USA

Volume 180 - Number 17

Year of Publication: 2018

Authors: Roshni Bhandari, Dhiren Patel, Brijesh A. Bhandari

10.5120/ijca2018916388

Roshni Bhandari, Dhiren Patel, Brijesh A. Bhandari . Improving Privacy of OpenID Cloud Identity Management Framework: Formal Analysis, Verification of Protocol. International Journal of Computer Applications. 180, 17 ( Feb 2018), 27-31. DOI=10.5120/ijca2018916388

@article{ 10.5120/ijca2018916388,

author = { Roshni Bhandari, Dhiren Patel, Brijesh A. Bhandari },

title = { Improving Privacy of OpenID Cloud Identity Management Framework: Formal Analysis, Verification of Protocol },

journal = { International Journal of Computer Applications },

issue_date = { Feb 2018 },

volume = { 180 },

number = { 17 },

month = { Feb },

year = { 2018 },

issn = { 0975-8887 },

pages = { 27-31 },

numpages = {9},

url = { https://ijcaonline.org/archives/volume180/number17/29025-2018916388/ },

doi = { 10.5120/ijca2018916388 },

publisher = {Foundation of Computer Science (FCS), NY, USA},

address = {New York, USA}

}

%0 Journal Article

%1 2024-02-07T01:00:56.598801+05:30

%A Roshni Bhandari

%A Dhiren Patel

%A Brijesh A. Bhandari

%T Improving Privacy of OpenID Cloud Identity Management Framework: Formal Analysis, Verification of Protocol

%J International Journal of Computer Applications

%@ 0975-8887

%V 180

%N 17

%P 27-31

%D 2018

%I Foundation of Computer Science (FCS), NY, USA

Abstract

Cloud computing is a new trend of computing paradigm that provides a set of scalable resources on demand. However, it also being a target of cyber attacks and creates risk for data privacy and protection. An Identity Management System (IDM) supports the management of multiple digital identities for authentication and authorization. The various identity management frameworks that help making Cloud environment more secure. OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and thousands of supporting websites. The security of the protocol is critical. In OpenID Identity Management Framework, User Privacy is the issue. In this paper we had introduced the results of a systematic analysis of the OpenID authentication protocol using scyther tool. Our formal analysis reveals that the protocol does not guarantee the authenticity and integrity of the authentication request, and it lacks bindings among the protocol messages and the browser. We provide a simple and scalable defense mechanism for service providers to ensure the authenticity and integrity of the protocol messages.

References

Barth A, Jackson C, and Mitchell JC, Robust defenses for cross-site request forgery, In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS’08), New York, USA, 2008.
Sovis P, Kohlar F, and Schwenk J, Security analysis of OpenID, In Proceedings of the Securing Electronic Business Processese Highlights of the Information Security Solutions Europe 2010 Conference; October 2010.
Lindholm A. Security evaluation of the OpenID protocol, Master of Science Thesis, Royal Institute of Technology, 2009.
Wang R, Chen S, and Wang X, Attribute exchange security alert, http://openid.net/2011/05/05/attribute-exchange-securityalert
Nunez D, Agudo I, and Lopez J, Integrating openid with proxy re-encryption to enhance privacy in cloud-based identity services, in Cloud Computing Technology and Science (CloudCom), 2012 IEEE 4th International Conference on, 2012.
Cremers C, Scyther tool, http://people.inf.ethz.ch/cremersc/scyther
Cremers, C. Scyther - semantics and verification of security protocols, Ph.D. dissertation, Eindhoven University of Technology, 2006.

Index Terms

Computer Science

Information Sciences

Keywords

Single Sign-on OpenID Authentication Protocol Analysis