
Reconstruction of Potential Attack Scenarios of the OpenID Protocol Towards Network Forensics Analysis

Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 557))

Abstract

We present a way to model web-based security protocols using TLA+, and describe a fully automatic analysis that supports reconstruction of the potential attack scenarios of web-based security protocols. Such a reconstruction can provide conclusive descriptions and non-refutable proofs regarding the source of the attack, the steps involved in the attack scenario that occurred, the exploited vulnerabilities, and the resulting system damage. This is of considerable significance for network forensic analysis. As a case study, we find a new attack scenario of the OpenID protocol, and a modified protocol is introduced as well.



Author information

Corresponding author

Correspondence to Dongyao Ji.

Copyright information

© 2015 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ji, D., Liu, J., Yao, G. (2015). Reconstruction of Potential Attack Scenarios of the OpenID Protocol Towards Network Forensics Analysis. In: Niu, W., et al. Applications and Techniques in Information Security. ATIS 2015. Communications in Computer and Information Science, vol 557. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48683-2_10

  • DOI: https://doi.org/10.1007/978-3-662-48683-2_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-48682-5

  • Online ISBN: 978-3-662-48683-2

  • eBook Packages: Computer Science (R0)