CFP last date
20 May 2024
Call for Paper
June Edition
IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper
Know more
The week's pick
Responsive image
Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin
Random Articles
Reseach Article

Improving Privacy of OpenID Cloud Identity Management Framework: Formal Analysis, Verification of Protocol

by Roshni Bhandari, Dhiren Patel, Brijesh A. Bhandari
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 180 - Number 17
Year of Publication: 2018
Authors: Roshni Bhandari, Dhiren Patel, Brijesh A. Bhandari
10.5120/ijca2018916388

Roshni Bhandari, Dhiren Patel, Brijesh A. Bhandari . Improving Privacy of OpenID Cloud Identity Management Framework: Formal Analysis, Verification of Protocol. International Journal of Computer Applications. 180, 17 ( Feb 2018), 27-31. DOI=10.5120/ijca2018916388

@article{ 10.5120/ijca2018916388,
author = { Roshni Bhandari, Dhiren Patel, Brijesh A. Bhandari },
title = { Improving Privacy of OpenID Cloud Identity Management Framework: Formal Analysis, Verification of Protocol },
journal = { International Journal of Computer Applications },
issue_date = { Feb 2018 },
volume = { 180 },
number = { 17 },
month = { Feb },
year = { 2018 },
issn = { 0975-8887 },
pages = { 27-31 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume180/number17/29025-2018916388/ },
doi = { 10.5120/ijca2018916388 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:00:56.598801+05:30
%A Roshni Bhandari
%A Dhiren Patel
%A Brijesh A. Bhandari
%T Improving Privacy of OpenID Cloud Identity Management Framework: Formal Analysis, Verification of Protocol
%J International Journal of Computer Applications
%@ 0975-8887
%V 180
%N 17
%P 27-31
%D 2018
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Cloud computing is a new trend of computing paradigm that provides a set of scalable resources on demand. However, it also being a target of cyber attacks and creates risk for data privacy and protection. An Identity Management System (IDM) supports the management of multiple digital identities for authentication and authorization. The various identity management frameworks that help making Cloud environment more secure. OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and thousands of supporting websites. The security of the protocol is critical. In OpenID Identity Management Framework, User Privacy is the issue. In this paper we had introduced the results of a systematic analysis of the OpenID authentication protocol using scyther tool. Our formal analysis reveals that the protocol does not guarantee the authenticity and integrity of the authentication request, and it lacks bindings among the protocol messages and the browser. We provide a simple and scalable defense mechanism for service providers to ensure the authenticity and integrity of the protocol messages.

References
  1. Barth A, Jackson C, and Mitchell JC, Robust defenses for cross-site request forgery, In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS’08), New York, USA, 2008.
  2. Sovis P, Kohlar F, and Schwenk J, Security analysis of OpenID, In Proceedings of the Securing Electronic Business Processese Highlights of the Information Security Solutions Europe 2010 Conference; October 2010.
  3. Lindholm A. Security evaluation of the OpenID protocol, Master of Science Thesis, Royal Institute of Technology, 2009.
  4. Wang R, Chen S, and Wang X, Attribute exchange security alert, http://openid.net/2011/05/05/attribute-exchange-securityalert
  5. Nunez D, Agudo I, and Lopez J, Integrating openid with proxy re-encryption to enhance privacy in cloud-based identity services, in Cloud Computing Technology and Science (CloudCom), 2012 IEEE 4th International Conference on, 2012.
  6. Cremers C, Scyther tool, http://people.inf.ethz.ch/cremersc/scyther
  7. Cremers, C. Scyther - semantics and verification of security protocols, Ph.D. dissertation, Eindhoven University of Technology, 2006.
Index Terms

Computer Science
Information Sciences

Keywords

Single Sign-on OpenID Authentication Protocol Analysis

Powered by PhDFocusTM