Skip to main content
SpringerLink
Log in

Analyzing Security and Privacy in Design and Implementation of Web Authentication Protocols

  • Conference paper
  • First Online:
Formal Methods and Software Engineering (ICFEM 2018)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 11232))

Included in the following conference series:

Abstract

Web authentication protocols have become the basis in safe-guarding the users’ sensitive data managed by the web services. Provided the critical role of web authentication protocols, their security and privacy properties deserve rigorous analysis. In this work, the target is to formally analyze both security and privacy properties of web authentication protocol designs and implementations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Bai, G., et al.: AuthScan: automatic extraction of web authentication protocols from implementations. In: NDSS (2013)

    Google Scholar 

  2. Bai, G., Hao, J., Wu, J., Liu, Y., Liang, Z., Martin, A.: Trustfound: towards a formal foundation for model checking trusted computing platforms. In: FM, pp. 110–126 (2014)

    Google Scholar 

  3. Bansal, C., Bhargavan, K., Delignat-Lavaud, A., Maffeis, S.: Keys to the cloud: formal analysis and concrete attacks on encrypted web storage. In: Basin, D., Mitchell, J.C. (eds.) POST 2013. LNCS, vol. 7796, pp. 126–146. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36830-1_7

    Chapter  Google Scholar 

  4. Bansal, C., Bhargavan, K., Maffeis, S.: Discovering concrete attacks on website authorization by formal analysis. In: CSF, pp. 247–262 (2012)

    Google Scholar 

  5. Fett, D., KĂĽsters, R., Schmitz, G.: An expressive model for the web infrastructure: definition and application to the BrowserID SSO system. In: IEEE S&P (2014)

    Google Scholar 

  6. Fett, D., Küsters, R., Schmitz, G.: Analyzing the BrowserID SSO system with primary identity providers using an expressive model of the web. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9326, pp. 43–65. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24174-6_3

    Chapter  Google Scholar 

  7. Fett, D., Küsters, R., Schmitz, G.: SPRESSO: a secure, privacy-respecting single sign-on system for the web. In: CCS, pp. 1358–1369 (2015)

    Google Scholar 

  8. Hao, J., Liu, Y., Cai, W., Bai, G., Sun, J.: vTRUST: a formal modeling and verification framework for virtualization systems. In: ICFEM, pp. 329–346 (2013)

    Google Scholar 

  9. Reuters: Facebook says data leak hits 87 million users, widening privacy scandal. https://www.reuters.com/article/us-facebook-privacy/facebook-says-data-leak-hits-87-million-users-widening-privacy-scandal-idUSKCN1HB2CM

  10. Sciarretta, G., Carbone, R., Ranise, S., Armando, A.: Anatomy of the Facebook solution for mobile single sign-on: security assessment and improvements (2017)

    Article  Google Scholar 

  11. Sun, S.T., Hawkey, K., Beznosov, K.: Systematically breaking and fixing openID security: formal analysis, semi-automated empirical evaluation, and practical countermeasures. Comput. Secur. 31(4), 465–483 (2012)

    Article  Google Scholar 

  12. Wang, K., Bai, G., Dong, N., Dong, J.S.: A framework for formal analysis of privacy on SSO protocols. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds.) SecureComm 2017. LNICST, vol. 238, pp. 763–777. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78813-5_41

    Chapter  Google Scholar 

  13. Wang, R., Chen, S., Wang, X.: Signing me onto your accounts through Facebook and Google: a traffic-guided security study of commercially deployed single-sign-on web services. In: IEEE S&P (2012)

    Google Scholar 

  14. Wang, R., Zhou, Y., Chen, S., Qadeer, S., Evans, D., Gurevich, Y.: Explicating SDKs: uncovering assumptions underlying secure authentication and authorization. In: USENIX Security, pp. 399–414 (2013)

    Google Scholar 

  15. Ye, Q., Bai, G., Wang, K., Dong, J.S.: Formal analysis of a single sign-on protocol implementation for Android. In: ICECCS, pp. 90–99 (2015)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. National University of Singapore, Singapore, Singapore

    Kailong Wang

Authors
  1. Kailong Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kailong Wang .

Editor information

Editors and Affiliations

  1. University of Auckland, Auckland, New Zealand

    Jing Sun

  2. Peking University, Beijing, China

    Meng Sun

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wang, K. (2018). Analyzing Security and Privacy in Design and Implementation of Web Authentication Protocols. In: Sun, J., Sun, M. (eds) Formal Methods and Software Engineering. ICFEM 2018. Lecture Notes in Computer Science(), vol 11232. Springer, Cham. https://doi.org/10.1007/978-3-030-02450-5_31

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-02450-5_31

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02449-9

  • Online ISBN: 978-3-030-02450-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation