Bitte benutzen Sie diese Kennung, um auf die Ressource zu verweisen:
http://dx.doi.org/10.18419/opus-13698
Langanzeige der Metadaten
DC Element | Wert | Sprache |
---|---|---|
dc.contributor.author | Hosseyni, Pedram | - |
dc.contributor.author | Küsters, Ralf | - |
dc.contributor.author | Würtele, Tim | - |
dc.date.accessioned | 2023-11-02T09:10:00Z | - |
dc.date.available | 2023-11-02T09:10:00Z | - |
dc.date.issued | 2023 | de |
dc.identifier.other | 1869112326 | - |
dc.identifier.uri | http://nbn-resolving.de/urn:nbn:de:bsz:93-opus-ds-137174 | de |
dc.identifier.uri | http://elib.uni-stuttgart.de/handle/11682/13717 | - |
dc.identifier.uri | http://dx.doi.org/10.18419/opus-13698 | - |
dc.description.abstract | Building on our recent formal security analysis of the FAPI 2.0 Security Profile, we here extend the analysis effort to FAPI 2.0 Message Signing, combined with Dynamic Client Registration, Dynamic Client Management, and FAPI-CIBA. Overall, we model an ecosystem which uses all these profiles and extensions in parallel. Like the previous work on the FAPI 2.0 Security Profile, this analysis is based on the Web Infrastructure Model, a Dolev-Yao style model of the web infrastructure - in fact, it is the most comprehensive and detailed model of the web infrastructure to date. We identify several attacks, propose fixes and prove the fixed protocols secure with respect to authorization, authentication, session integrity for both authorization and authentication, and non-repudiation for the messages covered by FAPI 2.0 Message Signing. The attacks and proposed fixes have been reported to the responsible FAPI Working Group at the OpenID Foundation, and fixes have since been incorporated into the specifications. | en |
dc.language.iso | en | de |
dc.rights | info:eu-repo/semantics/openAccess | de |
dc.subject.ddc | 004 | de |
dc.title | Formal security analysis of the OpenID FAPI 2.0 Security Profile with FAPI 2.0 Message Signing, FAPI-CIBA, Dynamic Client Registration and Management : technical report | en |
dc.type | report | de |
ubs.fakultaet | Informatik, Elektrotechnik und Informationstechnik | de |
ubs.institut | Institut für Informationssicherheit | de |
ubs.publikation.seiten | 124 | de |
ubs.publikation.typ | Verschiedenartige Texte | de |
Enthalten in den Sammlungen: | 05 Fakultät Informatik, Elektrotechnik und Informationstechnik |
Dateien zu dieser Ressource:
Datei | Beschreibung | Größe | Format | |
---|---|---|---|---|
oct23-tr-opus.pdf | 1,29 MB | Adobe PDF | Öffnen/Anzeigen |
Alle Ressourcen in diesem Repositorium sind urheberrechtlich geschützt.