Conference topic

Security Validation of Information Card Protocol with AVISPA

Information Card (InfoCard), an OASIS standard, is a federated identity management metasystem based on visual cards. Users can collect information cards issued by various identity providers, such as web portals, governments, or companies, and use these cards to log on to various relying parties. The InfoCard protocol is the foundation of the InfoCard system, and its security properties should undergo rigorous analysis. However, there is currently a lack of security analysis of the InfoCard protocol, especially with formal methods. In this paper, we analyze the security properties of the InfoCard protocol using the formal protocol analysis tool AVISPA. Our analysis shows that the current InfoCard protocol is vulnerable to a replay attack, in which an intruder can intercept a message in one session and replay it in another session. We further propose a countermeasure to effectively prevent such an attack. Our security analysis provides better guidance for correctly implementing and using the InfoCard protocol.

Information card; Security; Formal; AVISPA

Juan Wang, Hongxin Hu

Computer School, Wuhan University, Wuhan, China; Laboratory of Security Engineering for Future Computing, Arizona State University, Tempe, AZ, USA

International conference

2010 International Conference on Information Security and Artificial Intelligence (ISAI 2010)

Chengdu

English

856-860

2010-12-17 (date first made available online on the Wanfang platform; does not represent the paper's publication date)