A Verified Secure Protocol Model of OAuth Dynamic Client Registration
2017 3rd International Conference on Big Data Computing and Communications (BIGCOM) (2017)
Abstract
The OAuth dynamic client registration protocol (ODCRP) is designed to implement the dynamic registration process between a third-party site and an authorization server (AS). Once a third-party site has completed registration with an AS, a user can authorize the third-party site through the AS to access a protected resource on a resource server. After the user has completed the authorization, the AS redirects the user to a designated site based on the registration information. However, if an AS is attacked by an attacker after the registration has been completed, the attacker may modify or forge the registration information, and a user may then be redirected to a malicious site. To solve this problem, we propose a verified secure protocol model of OAuth dynamic client registration (VSPM ODCR), which can be used to ensure the security of the registration information. Our approach is to separate the registration function from the AS by introducing a security registry center. All the sensitive parameters of the registration process will be protected by the security registry center. The protected registration information is designed to be verifiable: at the time of authorization, the AS provides the registration information of the third-party site to be verified by the user. As a result, an AS attacked by an attacker cannot complete the authorization function without the help of the security registry center. To prove the reliability of the model, we give an abstract formal description of the model and a formal definition of the security properties that need to be satisfied. Finally, we use ProVerif to verify the authenticity property and the integrity of the registration information for two concrete configurations of the model.
Keywords
OAuth, VSPM ODCR, formal description, security registry center