The paper presents the formal security analysis of 3GPP standardized OpenID with Generic Bootstrapping Architecture protocol which allows phone users to use OpenID services based on SIM credentials. We have used an automatic protocol analyzer to prove key security properties of the protocol. Additionally, we have analyzed robustness of the protocol under several network attacks and different threat models (e.g., compromised OP, user entity). The result shows the protocol is secure against key security properties under specific security settings and trust assumptions.


Message Authentication Code Mobile Network Operator Transport Layer Security Home Subscriber Server Protocol Session 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    3GPP TS 33.220 - Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA); Generic bootstrapping architecture (2007),
  2. 2.
    3GPP TR 33.924 - Identity management and 3GPP security interworking; Identity management and Generic Authentication Architecture (GAA) interworking (2009),
  3. 3.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: POPL, pp. 104–115 (2001)Google Scholar
  4. 4.
    Ahmed, A.S., Laud, P.: ProVerif model files for the OpenID with GBA protocol (2011), (last accessed March 30, 2011)
  5. 5.
    Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heám, P.C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)Google Scholar
  7. 7.
    Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Proceedings of the 14th IEEE Workshop on Computer Security Foundations, CSFW 2001, Washington, DC, USA, pp. 82–96. IEEE Computer Society (2001)Google Scholar
  8. 8.
    Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14), Cape Breton, Nova Scotia, Canada (2001)Google Scholar
  9. 9.
    Dhamija, R., Dusseault, L.: 7 Flaws of Identity Management: Usability and Security Challenges. In: IEEE Security & Privacy, vol. 6, p. 24 (March 2008)Google Scholar
  10. 10.
    Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (August 2008)Google Scholar
  11. 11.
    Dolev, D., Yao, A.C.: On the security of public key protocols. Tech. rep., Stanford, CA, USA (1981)Google Scholar
  12. 12.
    Feld, S., Pohlmann, N.: Security analysis of OpenID, followed by a reference implementation of an nPA-based OpenID provider. In: Information Security Solutions Europe (ISSE) Conference, Madrid, Spain (2008)Google Scholar
  13. 13.
    Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., Stewart, L.: Http authentication: Basic and digest access authentication (1999)Google Scholar
  14. 14.
    Gajek, S., Manulis, M., Pereira, O., Sadeghi, A.-R., Schwenk, J.: Universally Composable Security Analysis of TLS. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds.) ProvSec 2008. LNCS, vol. 5324, pp. 313–327. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    Holtmanns, S., Niemi, V., Ginzboorg, P., Laitinen, P., Asokan, N.: Cellular Authentication for Mobile and Internet Services., 1st edn. Wiley Publishing Inc. (2008)Google Scholar
  16. 16.
    Laud, P., Roos, M.: Formal Analysis of the Estonian Mobile-ID Protocol. In: Jøsang, A., Maseng, T., Knapskog, S.J. (eds.) NordSec 2009. LNCS, vol. 5838, pp. 271–286. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  17. 17.
    Lindholm, A.: Security Evaluation of the OpenID Protocol. Master’s thesis, Royal Institute of Technology (KTH), Stockholm, Sweden (2009)Google Scholar
  18. 18.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography, 5th edn., vol. 1, ch.10. CRC Press (2001)Google Scholar
  19. 19.
    Morrissey, P., Smart, N.P., Warinschi, B.: A Modular Security Analysis of the TLS Handshake Protocol. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 55–73. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Niemi, A., Arkko, J., Torvinen, V.: Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA). RFC 3310 (September 2002)Google Scholar
  21. 21.
    Niemi, V., Nyberg, K.: UMTS Security, 1st edn., ch.8. Wiley Publishing Inc. (2003)Google Scholar
  22. 22.
    OpenID Authentication 2.0 - Final (2010), (last accessed March 30, 2011)
  23. 23.
    Recordon, D., Reed, D.: OpenID 2.0: a platform for user-centric identity management. In: Proceedings of the Second ACM Workshop on Digital Identity Management, pp. 11–16. ACM (2006)Google Scholar
  24. 24.
    Sovis, P., Kohlar, F., Schwenk, J.: Security Analysis of OpenID. In: Freiling, F.C. (ed.) Sicherheit, GI. LNI, vol. 170, pp. 329–340 (2010)Google Scholar
  25. 25.
    Urueña, M., Busquiel, C.: Analysis of a Privacy Vulnerability in the OpenID Authentication Protocol. In: IEEE Multimedia Communications, Services and Security (MCSS 2010), Krakow, Poland (2010)Google Scholar
  26. 26.
    Windley, P.J.: Digital Identity - Ebook edition. O’Reilly Media (2008)Google Scholar
  27. 27.
    Zhang, J., Warkentin, P., Sankhla, V.: AVISPA model for EAP: Extensible Authentication Protocol, (last accessed March 30, 2011)

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2012

Authors and Affiliations

  • Abu Shohel Ahmed
    • 1
  • Peeter Laud
    • 2
    • 3
  1. 1.Ericsson ResearchFinland
  2. 2.Cybernetica ASEstonia
  3. 3.Tartu UniversityEstonia

Personalised recommendations