Abstract
We present a way to model web-based security protocols using TLA+, and describe a fully automatic analysis that supports reconstruction of the potential attack scenarios of web-based security protocols. Which could provide conclusive descriptions and non refutable proofs regarding the source of the attack, details of steps involved in the occurred attack scenario, exploited vulnerabilities, and generated system damages. This is of important significance for network forensic analysis. As a case study, we successfully find a new attack scenario of OpenID protocol and the modified protocol is introduced as well.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Rekhis, S., Boudriga, N.: Logic-based approach for digital forensic investigation in communication networks. Comput. Secur. 30, 376–396 (2011)
Recordon, D., Fitzpatrick., B.: OpenID authentication 2.0, December 2007. http://openid.net/specs/openid-authentication-2_0.html
Khan, R.H., Ylitalo, J, Ahmed, A.S.: OpenID authentication as a service in openstack. In: 2011 7th International Conference on Information Assurance and Security (IAS), pp. 372–377, December 2011
Tsyrklevich, E., Tsyrklevich, V.: Single sign-on for the internet: a security story. In: Proceedings of the BlackHat07, July 2007
Barth, A., Jackson, C., Mitchell, J.: Robust defenses for cross-site request forgery. In: Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS08), pp. 75–78. ACM, New York (2008)
Feld, S., Pohlmann, N.: Security analysis of OpenID. In: Pohlmann, N., Reimer, H., Schneider, W. (eds.) Proceedings of the Securing Electronic Business Processes-Highlights of the Information Security Solutions Europe 2010 Conference, pp. 13–25. Springer, Heidelberg (2010)
Lamport, L.: Specifying Systems: The TLA\(+\) Language and Tools for Hardware and Software Engineers. Addison-Wesley Publishing Company, Boston (2002)
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theor. 29(2), 198–208 (1983)
Lamport, L., Yu, Y.: TLC-The TLA+ Model Checker (2015). http://research.microsoft.com/en-us/um/people/lamport/tla/tlc.html
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ji, D., Liu, J., Yao, G. (2015). Reconstruction of Potential Attack Scenarios of the OpenID Protocol Towards Network Forensics Analysis. In: Niu, W., et al. Applications and Techniques in Information Security. ATIS 2015. Communications in Computer and Information Science, vol 557. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48683-2_10
Download citation
DOI: https://doi.org/10.1007/978-3-662-48683-2_10
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-48682-5
Online ISBN: 978-3-662-48683-2
eBook Packages: Computer ScienceComputer Science (R0)