The OpenID Connect protocol is widely used today, and it is one of the newest Single Sign-On protocols for authentication. At present, many people are deeply focused on research into its security analysis. In this paper, we aimed to analyze the authentication of the OpenID Connect protocol by obtaining its message terms from its authentication message flow, then formalizing it with the Blanchet calculus in the computational model, and finally transforming the model into the syntax of CryptoVerif, generating the CryptoVerif inputs in the form of the channels front-end, and importing them into the mechanized tool CryptoVerif to analyze its authentication. The result shows that the OpenID Connect protocol has no authentication between the End-User and the Authorization Server, and that the Token Endpoint can't authenticate the Client, while the Client can authenticate the Token Endpoint.
CITATION STYLE
Zhang, J., Lu, J., Wan, Z., Li, J., & Meng, B. (2017). Security analysis of OpenID Connect protocol with CryptoVerif in the computational model. In Lecture Notes on Data Engineering and Communications Technologies (Vol. 1, pp. 925–934). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-319-49109-7_90