Web-based single sign-on (SSO) services such as Google Sign-In and Log In with Paypal are based on the OpenID Connect protocol. This protocol enables so-called relying parties to delegate user authentication to so-called identity providers. OpenID Connect is one of the newest and most widely deployed single sign-on protocols on the web. Despite its importance, it has not received much attention from security researchers so far, and in particular, has not undergone any rigorous security analysis. In this paper, we carry out the first in-depth security analysis of OpenID Connect. To this end, we use a comprehensive generic model of the web to develop a detailed formal model of OpenID Connect. Based on this model, we then precisely formalize and prove central security properties for OpenID Connect, including authentication, authorization, and session integrity properties. In our modeling of OpenID Connect, we employ security measures in order to avoid attacks on OpenID Connect that have been discovered previously and new attack variants that we document for the first time in this paper. Based on these security measures, we propose security guidelines for implementors of OpenID Connect. Our formal analysis demonstrates that these guidelines are in fact effective and sufficient.
翻译:Google Sign-In和Log In和Paypal等基于网络的单一签名(SSO)服务以OpenID连接协议为基础。这项协议使所谓的依赖方能够将用户认证权下放给所谓的身份提供者。 OpenID Connect 是网络上最新和最广泛部署的单一签名协议之一。尽管它很重要,但迄今没有得到安全研究人员的多少关注,特别是没有经过任何严格的安全分析。在本文件中,我们首次对OpenID连接进行了深入的安全分析。为此,我们使用一个全面的网络通用模型来开发一个详细的OpenID连接正式模式。基于这一模式,我们随后精确地正式确定并证明OpenID连接的核心安全属性,包括认证、授权和会合完整性属性。在我们的OpenID连接模型中,我们采取了安全措施以避免以前发现的对OpenID连接的攻击,以及我们首次在本文中记录的新的攻击变体。基于这些安全措施,我们为OpenID连接的实施者提出了安全指南。我们的正式分析表明,这些准则是有效的。
相关内容
微信扫码咨询专知VIP会员