SOAP: A Social Authentication Protocol
2024 · Open Access · DOI: https://doi.org/10.48550/arxiv.2402.03199
Social authentication has been suggested as a usable authentication ceremony to replace manual key authentication in messaging applications. Using social authentication, chat partners authenticate their peers using digital identities managed by identity providers. In this paper, we formally define social authentication, present a protocol called SOAP that largely automates social authentication, formally prove SOAP's security, and demonstrate SOAP's practicality in two prototypes. One prototype is web-based, and the other is implemented in the open-source Signal messaging application. Using SOAP, users can significantly raise the bar for compromising their messaging accounts. In contrast to the default security provided by messaging applications such as Signal and WhatsApp, attackers must compromise both the messaging account and all identity provider-managed identities to attack a victim. In addition to its security and automation, SOAP is straightforward to adopt as it is built on top of the well-established OpenID Connect protocol.
- Type: preprint
- Language: en
- Landing Page: http://arxiv.org/abs/2402.03199, https://arxiv.org/pdf/2402.03199
- OA Status: green
- Related Works: 10
- OpenAlex ID: https://openalex.org/W4391591438
Raw OpenAlex JSON
- OpenAlex ID: https://openalex.org/W4391591438 (canonical identifier for this work in OpenAlex)
- DOI: https://doi.org/10.48550/arxiv.2402.03199 (Digital Object Identifier)
- Title: SOAP: A Social Authentication Protocol (work title)
- Type: preprint (OpenAlex work type)
- Language: en (primary language)
- Publication year: 2024 (year of publication)
- Publication date: 2024-02-05 (full publication date if available)
- Authors: Felix Linker, David Basin (list of authors in order)
- Landing page: https://arxiv.org/abs/2402.03199 (publisher landing page)
- PDF URL: https://arxiv.org/pdf/2402.03199 (direct link to full text PDF)
- Open access: Yes (whether a free full text is available)
- OA status: green (open access status per OpenAlex)
- OA URL: https://arxiv.org/pdf/2402.03199 (direct OA link when available)
- Concepts: Protocol (science), SOAP, Authentication protocol, Authentication (law), Computer security, Computer science, Internet privacy, Business, World Wide Web, Medicine, Alternative medicine, Pathology (top concepts, fields/topics, attached by OpenAlex)
- Cited by: 0 (total citation count in OpenAlex)
- Related works (count): 10 (other works algorithmically related by OpenAlex)
Full payload
| id | https://openalex.org/W4391591438 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2402.03199 |
| ids.doi | https://doi.org/10.48550/arxiv.2402.03199 |
| ids.openalex | https://openalex.org/W4391591438 |
| fwci | |
| type | preprint |
| title | SOAP: A Social Authentication Protocol |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T11800 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.906499981880188 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1710 |
| topics[0].subfield.display_name | Information Systems |
| topics[0].display_name | User Authentication and Security Systems |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C2780385302 |
| concepts[0].level | 3 |
| concepts[0].score | 0.6993855237960815 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q367158 |
| concepts[0].display_name | Protocol (science) |
| concepts[1].id | https://openalex.org/C17881449 |
| concepts[1].level | 2 |
| concepts[1].score | 0.6928730010986328 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q189620 |
| concepts[1].display_name | SOAP |
| concepts[2].id | https://openalex.org/C21564112 |
| concepts[2].level | 3 |
| concepts[2].score | 0.5503248572349548 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q4825885 |
| concepts[2].display_name | Authentication protocol |
| concepts[3].id | https://openalex.org/C148417208 |
| concepts[3].level | 2 |
| concepts[3].score | 0.5351921319961548 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q4825882 |
| concepts[3].display_name | Authentication (law) |
| concepts[4].id | https://openalex.org/C38652104 |
| concepts[4].level | 1 |
| concepts[4].score | 0.5293619632720947 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q3510521 |
| concepts[4].display_name | Computer security |
| concepts[5].id | https://openalex.org/C41008148 |
| concepts[5].level | 0 |
| concepts[5].score | 0.45281782746315 |
| concepts[5].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[5].display_name | Computer science |
| concepts[6].id | https://openalex.org/C108827166 |
| concepts[6].level | 1 |
| concepts[6].score | 0.3982307016849518 |
| concepts[6].wikidata | https://www.wikidata.org/wiki/Q175975 |
| concepts[6].display_name | Internet privacy |
| concepts[7].id | https://openalex.org/C144133560 |
| concepts[7].level | 0 |
| concepts[7].score | 0.3856184482574463 |
| concepts[7].wikidata | https://www.wikidata.org/wiki/Q4830453 |
| concepts[7].display_name | Business |
| concepts[8].id | https://openalex.org/C136764020 |
| concepts[8].level | 1 |
| concepts[8].score | 0.16873398423194885 |
| concepts[8].wikidata | https://www.wikidata.org/wiki/Q466 |
| concepts[8].display_name | World Wide Web |
| concepts[9].id | https://openalex.org/C71924100 |
| concepts[9].level | 0 |
| concepts[9].score | 0.09945955872535706 |
| concepts[9].wikidata | https://www.wikidata.org/wiki/Q11190 |
| concepts[9].display_name | Medicine |
| concepts[10].id | https://openalex.org/C204787440 |
| concepts[10].level | 2 |
| concepts[10].score | 0.0 |
| concepts[10].wikidata | https://www.wikidata.org/wiki/Q188504 |
| concepts[10].display_name | Alternative medicine |
| concepts[11].id | https://openalex.org/C142724271 |
| concepts[11].level | 1 |
| concepts[11].score | 0.0 |
| concepts[11].wikidata | https://www.wikidata.org/wiki/Q7208 |
| concepts[11].display_name | Pathology |
| keywords[0].id | https://openalex.org/keywords/protocol |
| keywords[0].score | 0.6993855237960815 |
| keywords[0].display_name | Protocol (science) |
| keywords[1].id | https://openalex.org/keywords/soap |
| keywords[1].score | 0.6928730010986328 |
| keywords[1].display_name | SOAP |
| keywords[2].id | https://openalex.org/keywords/authentication-protocol |
| keywords[2].score | 0.5503248572349548 |
| keywords[2].display_name | Authentication protocol |
| keywords[3].id | https://openalex.org/keywords/authentication |
| keywords[3].score | 0.5351921319961548 |
| keywords[3].display_name | Authentication (law) |
| keywords[4].id | https://openalex.org/keywords/computer-security |
| keywords[4].score | 0.5293619632720947 |
| keywords[4].display_name | Computer security |
| keywords[5].id | https://openalex.org/keywords/computer-science |
| keywords[5].score | 0.45281782746315 |
| keywords[5].display_name | Computer science |
| keywords[6].id | https://openalex.org/keywords/internet-privacy |
| keywords[6].score | 0.3982307016849518 |
| keywords[6].display_name | Internet privacy |
| keywords[7].id | https://openalex.org/keywords/business |
| keywords[7].score | 0.3856184482574463 |
| keywords[7].display_name | Business |
| keywords[8].id | https://openalex.org/keywords/world-wide-web |
| keywords[8].score | 0.16873398423194885 |
| keywords[8].display_name | World Wide Web |
| keywords[9].id | https://openalex.org/keywords/medicine |
| keywords[9].score | 0.09945955872535706 |
| keywords[9].display_name | Medicine |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2402.03199 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2402.03199 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2402.03199 |
| locations[1].id | doi:10.48550/arxiv.2402.03199 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | cc-by |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | https://openalex.org/licenses/cc-by |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2402.03199 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5093307857 |
| authorships[0].author.orcid | https://orcid.org/0009-0000-7886-4480 |
| authorships[0].author.display_name | Felix Linker |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Linker, Felix |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5025344654 |
| authorships[1].author.orcid | https://orcid.org/0000-0003-2952-939X |
| authorships[1].author.display_name | David Basin |
| authorships[1].author_position | last |
| authorships[1].raw_author_name | Basin, David |
| authorships[1].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2402.03199 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | SOAP: A Social Authentication Protocol |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T11800 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.906499981880188 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1710 |
| primary_topic.subfield.display_name | Information Systems |
| primary_topic.display_name | User Authentication and Security Systems |
| related_works | https://openalex.org/W2034419863, https://openalex.org/W2296396257, https://openalex.org/W3007106793, https://openalex.org/W2132505069, https://openalex.org/W1965515427, https://openalex.org/W2547137208, https://openalex.org/W2116285675, https://openalex.org/W2054202867, https://openalex.org/W2109882692, https://openalex.org/W2061637199 |
| cited_by_count | 0 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2402.03199 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2402.03199 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2402.03199 |
| primary_location.id | pmh:oai:arXiv.org:2402.03199 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2402.03199 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2402.03199 |
| publication_date | 2024-02-05 |
| publication_year | 2024 |
| referenced_works_count | 0 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 2 |
| citation_normalized_percentile |