A Novel Secure and Privacy-Preserving Model for OpenID Connect Based on Blockchain

OpenID Connect (OIDC) is one of the most widely used delegated authentication protocols in web and mobile applications providing a single sign-on experience. It allows third-party applications, called Relying Parties (RP), to securely request and receive information about authenticated sessions and end-users from an identity provider. The OIDC specification defines several parameters, including the client_id, client_secret, authorization code, access token, id token, state, and redirect_uri, as keys to the protocol operation, with significant security and privacy implications. Therefore, securing these parameters is critical to prevent attackers from impersonating legitimate entities, gaining unauthorized access, having complete control over users’ accounts, and/or violating their privacy. To enhance OIDC security and preserve its users’ privacy, we propose a novel model for OIDC based on the Ethereum Blockchain and the non-fungible token (ERC721) standard. To prove the robustness and safety of the proposed system, we perform a detailed security analysis formally using the most widely accepted protocols security verification tools, AVISPA and Scyther, and informally by discussing various attacks. The analysis results show that the proposed system is resilient against well-known attacks. Furthermore, we evaluate the cost and performance of the proposed solution, confirming its affordability and assuring that our approach does not impact the user experience and performance of existing OIDC-based systems. Finally, we conduct a security and privacy comparative analysis with similar existing systems, proving the superiority and efficiency of our proposed Blockchain-based OIDC system.