Abstract
When a client is developed for a social network service, the OAuth protocol is the one most commonly followed. OAuth is the protocol most widely used by companies that provide social network services, such as Google, Facebook and Twitter, because it grants a third party access rights to the user's resources without exposing the user's credentials to that third party. However, if the user's authentication information is exposed on the network to an attacker, it can be misused. The general security vulnerabilities that can occur in the OAuth protocol can be classified as replay attacks, phishing attacks and impersonation attacks. To address these vulnerabilities, the resource owner is authenticated by E-mail before the access token is issued, so that the access token is issued safely; the access token is then distributed and stored. With the proposed method using E-mail authentication, the authentication success rate of the attacker is confirmed to be less than 0.8%, which is safer than the existing method. Because the access token is distributed and stored, even if the attacker obtains some of the user information, it cannot be used for user authentication. When the access token is distributed seven or more ways, the release time of the access token is 10 min or more, which confirms that it can be used in the same way as E-mail authentication.
Acknowledgements
This work was supported by the Far East University Research Grant (FEU2016S01).
Cite this article
Chae, CJ., Kim, KB. & Cho, HJ. A study on secure user authentication and authorization in OAuth protocol. Cluster Comput 22 (Suppl 1), 1991–1999 (2019). https://doi.org/10.1007/s10586-017-1119-6
DOI: https://doi.org/10.1007/s10586-017-1119-6