Formal analysis of Facebook Connect Single Sign-On authentication protocol
Authors
Abstract
We present a formal analysis of the authentication protocol of Facebook Connect, the Single Sign-On service offered by the Facebook Platform that allows Facebook users to log in to affiliated sites. Formal specification and verification were carried out using the specification language HLPSL and AVISPA, a state-of-the-art verification tool for security protocols. AVISPA revealed two security flaws, one of which (to our knowledge previously unreported) allows an intruder to impersonate a user at a service provider affiliated with Facebook. To address this problem, we propose a modification of the protocol that adds a message authentication mechanism; AVISPA verifies the modified protocol to be safe from the masquerade attack. Finally, we sketch a JavaScript implementation of the modified protocol.
Related works
On the security of modern Single Sign-On Protocols: Second-Order Vulnerabilities in OpenID Connect
OpenID Connect is a new Single Sign-On (SSO) authentication protocol, which is becoming increasingly important since its publication in February 2014. OpenID Connect relies on the OAuth protocol, which currently is the de facto standard for delegated authorization in the modern web and is supported by leading companies such as Google, Facebook and Twitter. An important limitation of OAuth i...
Automatic recognition, processing and attacking of single sign-on protocols with burp suite
SAML, Mozilla BrowserID, OpenID, OpenID Connect, Facebook Connect, Microsoft Account, OAuth — today’s web applications are supporting a large set of Single Sign-On (SSO) solutions. Some of them have common properties and behavior, others are completely different. This paper will give an overview of modern SSO protocols. We classify them into two groups and show how to distinguish them from each...
Game-Based Cryptanalysis of a Lightweight CRC-Based Authentication Protocol for EPC Tags
The term "Internet of Things (IoT)" expresses a huge network of smart and connected objects which can interact with other devices without our interposition. Radio frequency identification (RFID) is a great technology and an interesting candidate to provide communications for IoT networks, but numerous security and privacy issues need to be considered. In this paper, we analyze the security and ...
Protecting Web-Based Single Sign-on Protocols against Relying Party Impersonation Attacks through a Dedicated Bi-directional Authenticated Secure Channel
Web-based single sign-on describes a class of protocols where a user signs into a web site with the authentication provided as a service by a third party. In exchange for the increased complexity of the authentication procedure, SSO makes it convenient for users to authenticate themselves to many different web sites (relying parties), using just a single account at an identity provider such as ...
GSLHA: Group-based Secure Lightweight Handover Authentication Protocol for M2M Communication
Machine to machine (M2M) communication, which is also known as machine type communication (MTC), is one of the most fascinating parts of mobile communication technology and also an important practical application of the Internet of Things. The main objective of this type of communication, is handling massive heterogeneous devices with low network overheads and high security guarantees. Hence, v...
Publication date: 2010