{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T22:40:16Z","timestamp":1743028816279,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":27,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642302435"},{"type":"electronic","value":"9783642302442"}],"license":[{"start":{"date-parts":[[2012,1,1]],"date-time":"2012-01-01T00:00:00Z","timestamp":1325376000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-30244-2_10","type":"book-chapter","created":{"date-parts":[[2012,4,28]],"date-time":"2012-04-28T12:55:50Z","timestamp":1335617750000},"page":"113-124","source":"Crossref","is-referenced-by-count":1,"title":["Formal Security Analysis of OpenID with GBA Protocol"],"prefix":"10.1007","author":[{"given":"Abu Shohel","family":"Ahmed","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peeter","family":"Laud","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"10_CR1","unstructured":"3GPP TS 33.220 - Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA); Generic bootstrapping architecture (2007), http:\/\/www.3gpp.org\/ftp\/Specs\/html-info\/33220.htm"},{"key":"10_CR2","unstructured":"3GPP TR 33.924 - Identity management and 3GPP security interworking; Identity management and Generic Authentication Architecture (GAA) interworking (2009), http:\/\/www.3gpp.org\/ftp\/Specs\/html-info\/33924.htm"},{"key":"10_CR3","doi-asserted-by":"crossref","unstructured":"Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: POPL, pp. 104\u2013115 (2001)","DOI":"10.1145\/373243.360213"},{"key":"10_CR4","unstructured":"Ahmed, A.S., Laud, P.: ProVerif model files for the OpenID with GBA protocol (2011), http:\/\/research.cyber.ee (last accessed March 30, 2011)"},{"key":"10_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1007\/11513988_27","volume-title":"Computer Aided Verification","author":"A. Armando","year":"2005","unstructured":"Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., He\u00e1m, P.C., Kouchnarenko, O., Mantovani, J., M\u00f6dersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Vigan\u00f2, L., Vigneron, L.: The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol.\u00a03576, pp. 281\u2013285. Springer, Heidelberg (2005)"},{"key":"10_CR6","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology - CRYPTO \u201996","author":"M. Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol.\u00a01109, pp. 1\u201315. Springer, Heidelberg (1996)"},{"key":"10_CR7","doi-asserted-by":"crossref","unstructured":"Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Proceedings of the 14th IEEE Workshop on Computer Security Foundations, CSFW 2001, Washington, DC, USA, pp. 82\u201396. IEEE Computer Society (2001)","DOI":"10.1109\/CSFW.2001.930138"},{"key":"10_CR8","unstructured":"Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14), Cape Breton, Nova Scotia, Canada (2001)"},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"Dhamija, R., Dusseault, L.: 7 Flaws of Identity Management: Usability and Security Challenges. In: IEEE Security & Privacy, vol. 6, p. 24 (March 2008)","DOI":"10.1109\/MSP.2008.49"},{"key":"10_CR10","doi-asserted-by":"crossref","unstructured":"Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (August 2008)","DOI":"10.17487\/rfc5246"},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Dolev, D., Yao, A.C.: On the security of public key protocols. Tech. rep., Stanford, CA, USA (1981)","DOI":"10.1109\/SFCS.1981.32"},{"key":"10_CR12","unstructured":"Feld, S., Pohlmann, N.: Security analysis of OpenID, followed by a reference implementation of an nPA-based OpenID provider. In: Information Security Solutions Europe (ISSE) Conference, Madrid, Spain (2008)"},{"key":"10_CR13","doi-asserted-by":"crossref","unstructured":"Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., Stewart, L.: Http authentication: Basic and digest access authentication (1999)","DOI":"10.17487\/rfc2617"},{"key":"10_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-540-88733-1_22","volume-title":"Provable Security","author":"S. Gajek","year":"2008","unstructured":"Gajek, S., Manulis, M., Pereira, O., Sadeghi, A.-R., Schwenk, J.: Universally Composable Security Analysis of TLS. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds.) ProvSec 2008. LNCS, vol.\u00a05324, pp. 313\u2013327. Springer, Heidelberg (2008)"},{"key":"10_CR15","doi-asserted-by":"crossref","unstructured":"Holtmanns, S., Niemi, V., Ginzboorg, P., Laitinen, P., Asokan, N.: Cellular Authentication for Mobile and Internet Services., 1st edn. Wiley Publishing Inc. (2008)","DOI":"10.1002\/9780470771013"},{"key":"10_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1007\/978-3-642-04766-4_19","volume-title":"Identity and Privacy in the Internet Age","author":"P. Laud","year":"2009","unstructured":"Laud, P., Roos, M.: Formal Analysis of the Estonian Mobile-ID Protocol. In: J\u00f8sang, A., Maseng, T., Knapskog, S.J. (eds.) NordSec 2009. LNCS, vol.\u00a05838, pp. 271\u2013286. Springer, Heidelberg (2009)"},{"key":"10_CR17","unstructured":"Lindholm, A.: Security Evaluation of the OpenID Protocol. Master\u2019s thesis, Royal Institute of Technology (KTH), Stockholm, Sweden (2009)"},{"key":"10_CR18","unstructured":"Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography, 5th edn., vol.\u00a01, ch.10. CRC Press (2001)"},{"key":"10_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/978-3-540-89255-7_5","volume-title":"Advances in Cryptology - ASIACRYPT 2008","author":"P. Morrissey","year":"2008","unstructured":"Morrissey, P., Smart, N.P., Warinschi, B.: A Modular Security Analysis of the TLS Handshake Protocol. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol.\u00a05350, pp. 55\u201373. Springer, Heidelberg (2008)"},{"key":"10_CR20","doi-asserted-by":"crossref","unstructured":"Niemi, A., Arkko, J., Torvinen, V.: Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA). RFC 3310 (September 2002)","DOI":"10.17487\/rfc3310"},{"key":"10_CR21","unstructured":"Niemi, V., Nyberg, K.: UMTS Security, 1st edn., ch.8. Wiley Publishing Inc. (2003)"},{"key":"10_CR22","unstructured":"OpenID Authentication 2.0 - Final (2010), http:\/\/openid.net\/specs\/openid-authentication-2_0.html (last accessed March 30, 2011)"},{"key":"10_CR23","doi-asserted-by":"crossref","unstructured":"Recordon, D., Reed, D.: OpenID 2.0: a platform for user-centric identity management. In: Proceedings of the Second ACM Workshop on Digital Identity Management, pp. 11\u201316. ACM (2006)","DOI":"10.1145\/1179529.1179532"},{"key":"10_CR24","unstructured":"Sovis, P., Kohlar, F., Schwenk, J.: Security Analysis of OpenID. In: Freiling, F.C. (ed.) Sicherheit, GI. LNI, vol.\u00a0170, pp. 329\u2013340 (2010)"},{"key":"10_CR25","unstructured":"Urue\u00f1a, M., Busquiel, C.: Analysis of a Privacy Vulnerability in the OpenID Authentication Protocol. In: IEEE Multimedia Communications, Services and Security (MCSS 2010), Krakow, Poland (2010)"},{"key":"10_CR26","unstructured":"Windley, P.J.: Digital Identity - Ebook edition. O\u2019Reilly Media (2008)"},{"key":"10_CR27","unstructured":"Zhang, J., Warkentin, P., Sankhla, V.: AVISPA model for EAP: Extensible Authentication Protocol, http:\/\/www.avispa-project.org\/library\/EAP_AKA.html (last accessed March 30, 2011)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Mobile Information and Communication Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-30244-2_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T21:58:51Z","timestamp":1743026331000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-30244-2_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642302435","9783642302442"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-30244-2_10","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2012]]}}}