TY - JOUR
T1 - A Novel Secure and Privacy-Preserving Model for OpenID Connect Based on Blockchain
AU - Belfaik, Yousra
AU - Sadqi, Yassine
AU - Maleh, Yassine
AU - Safi, Said
AU - Tawalbeh, Lo'ai
AU - Salah, Khaled
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2023
Y1 - 2023
N2 - OpenID Connect (OIDC) is one of the most widely used delegated authentication protocols in web and mobile applications, providing a single sign-on experience. It allows third-party applications, called Relying Parties (RPs), to securely request and receive information about authenticated sessions and end users from an identity provider. The OIDC specification defines several parameters, including the client_id, client_secret, authorization code, access token, ID token, state, and redirect_uri, that are central to the protocol's operation and carry significant security and privacy implications. Securing these parameters is therefore critical to prevent attackers from impersonating legitimate entities, gaining unauthorized access, taking complete control of users' accounts, and/or violating their privacy. To enhance OIDC security and preserve its users' privacy, we propose a novel model for OIDC based on the Ethereum blockchain and the non-fungible token (ERC-721) standard. To establish the robustness and safety of the proposed system, we perform a detailed security analysis, formally with the widely accepted protocol security verification tools AVISPA and Scyther, and informally by discussing various attacks. The analysis results show that the proposed system is resilient against well-known attacks. Furthermore, we evaluate the cost and performance of the proposed solution, confirming its affordability and showing that our approach does not degrade the user experience or performance of existing OIDC-based systems. Finally, we conduct a comparative security and privacy analysis against similar existing systems, demonstrating the superiority and efficiency of our proposed blockchain-based OIDC system.
AB - OpenID Connect (OIDC) is one of the most widely used delegated authentication protocols in web and mobile applications, providing a single sign-on experience. It allows third-party applications, called Relying Parties (RPs), to securely request and receive information about authenticated sessions and end users from an identity provider. The OIDC specification defines several parameters, including the client_id, client_secret, authorization code, access token, ID token, state, and redirect_uri, that are central to the protocol's operation and carry significant security and privacy implications. Securing these parameters is therefore critical to prevent attackers from impersonating legitimate entities, gaining unauthorized access, taking complete control of users' accounts, and/or violating their privacy. To enhance OIDC security and preserve its users' privacy, we propose a novel model for OIDC based on the Ethereum blockchain and the non-fungible token (ERC-721) standard. To establish the robustness and safety of the proposed system, we perform a detailed security analysis, formally with the widely accepted protocol security verification tools AVISPA and Scyther, and informally by discussing various attacks. The analysis results show that the proposed system is resilient against well-known attacks. Furthermore, we evaluate the cost and performance of the proposed solution, confirming its affordability and showing that our approach does not degrade the user experience or performance of existing OIDC-based systems. Finally, we conduct a comparative security and privacy analysis against similar existing systems, demonstrating the superiority and efficiency of our proposed blockchain-based OIDC system.
KW - Authentication
KW - blockchain
KW - OpenID connect
KW - privacy-preserving
KW - security
UR - http://www.scopus.com/inward/record.url?scp=85164381233&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2023.3292143
DO - 10.1109/ACCESS.2023.3292143
M3 - Article
AN - SCOPUS:85164381233
SN - 2169-3536
VL - 11
SP - 67660
EP - 67678
JO - IEEE Access
JF - IEEE Access
ER -