On securing online registration protocols: Formal verification of a new proposal

Authors:

Highlights:

Abstract

The deployment of Internet-based applications calls for adequate user management procedures, with online registration being a critical element. In this respect, Email Based Identification and Authentication (EBIA) is an outstanding technique due to its usability. However, it does not properly handle some major issues, which makes it unsuitable for systems where security is of concern. In this work we modify EBIA to propose a protocol for user registration. Moreover, we assess the security properties of the protocol using the automatic protocol verifier ProVerif. Finally, we show that the modifications applied to EBIA are necessary to ensure security since, if they are removed, attacks on the protocol are enabled. Our proposal keeps the high usability features of EBIA, while reaching a reasonable security level for many applications. Additionally, it only requires minor modifications to current Internet infrastructures.

Keywords: Protocol security, Automated verification, EBIA, Security-by-design, Digital identity

Review history: Received 27 May 2013, Revised 2 December 2013, Accepted 14 January 2014, Available online 5 February 2014.

Official paper URL: https://doi.org/10.1016/j.knosys.2014.01.011