Formal Analysis of Information Card Federated Identity-Management Protocol

Download Now Free registration required

Executive Summary

Information Card (InfoCard) is a user-centric identity management meta-system. It has been accepted as a standard of OASIS Identity Meta-system Interoperability Technical Committee. However, there is currently a lack of security analysis to InfoCard protocol, especially, with formal methods. In this paper, the authors accommodate such a requirement by analyzing security properties of InfoCard protocol adopting a formal protocol analysis tool. Their analysis result discovers that current InfoCard protocol is vulnerable against the session replay attack.

  • Format: PDF
  • Size: 412.55 KB