Formal analysis of Facebook Connect Single Sign-On authentication protocol

VIInternet και Εφαρμογές Web

13 Φεβ 2012 (πριν από 3 χρόνια και 2 μήνες)

1.126 εμφανίσεις

Abstract. We present a formal analysis of the authentication protocol of Facebook Connect, the Single Sign-On service o ered by the Facebook Platform which allows Facebook users to login to aliated sites. Formal speci cation and veri cation have been carried out using the speci cation language HLPSL and AVISPA, a state-of-the-art veri cation tool for security protocols. AVISPA has revealed two security aws, one of which (previously unheard of, up to our knowledge) allows an intruder to impersonate a user at a service provider aliated with Facebook. To address this problem, we propose a modi cation of the protocol, by adding a message authentication mechanism; this protocol has been veri ed with AVISPA to be safe from the masquerade attack. Finally,

Η ανάκτηση του κειμένου δεν ήταν εφικτή