
A study on secure user authentication and authorization in OAuth protocol

Published in: Cluster Computing

Abstract

Clients built on social network services almost always follow the OAuth protocol. OAuth is the protocol most widely used by companies that provide social network services such as Google, Facebook and Twitter: it was developed to grant a third party access to a user's resources without exposing the user's credentials to that third party. However, if a user's authentication information is exposed on the network, an attacker can misuse it. The general security vulnerabilities that can occur in OAuth can be classified as replay attacks, phishing attacks and impersonation attacks. To address these vulnerabilities, the proposed method authenticates the resource owner by e-mail before the access token is issued, so that the access token is issued safely, and then splits the access token into shares that are stored in a distributed fashion. With the e-mail authentication, the attacker's authentication success rate is less than 0.8%, which confirms that the proposed method is safer than the existing one. Because the access token is distributed and stored in pieces, an attacker who obtains some of the user's information still cannot use it for user authentication. When the access token is distributed into seven or more shares, it can be confirmed that the method, like the e-mail authentication, remains usable since the lifetime of the access token is 10 min or greater.
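The distributed storage of the access token described above, as an added example that is not code from the paper: the token is split with Shamir secret sharing (my assumption for the splitting scheme) into seven shares, and the threshold of four shares is also an assumption, so an attacker holding fewer than four shares learns nothing about the token.

```python
import secrets

# Field prime: 2^521 - 1 is a Mersenne prime, large enough for tokens up to 64 bytes.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate the polynomial with the given coefficients at x, mod PRIME (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_token(token: bytes, n: int, k: int):
    """Split the token into n shares so that any k of them reconstruct it."""
    if not 1 < k <= n or len(token) > 64:
        raise ValueError("need 1 < k <= n and a token of at most 64 bytes")
    secret = int.from_bytes(token, "big")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_token(shares, length: int) -> bytes:
    """Lagrange interpolation at x = 0 over the supplied shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    # Too few shares yield a random field element, so size the output to fit it.
    return secret.to_bytes(max(length, (secret.bit_length() + 7) // 8), "big")


def demo():
    # Constructed sample access token; not a real credential.
    token = b"ya29.example-access-token-0123456789"
    shares = split_token(token, n=7, k=4)  # 7 shares, 4 needed (assumed threshold)
    ok = recover_token(shares[:4], len(token)) == token
    # An attacker with only 3 of the 7 shares does not get the token back.
    bad = recover_token(shares[:3], len(token)) != token
    return ok, bad
```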



Acknowledgements

This work was supported by the Far East University Research Grant (FEU2016S01).


Correspondence to Han-Jin Cho.


Cite this article

Chae, CJ., Kim, KB. & Cho, HJ. A study on secure user authentication and authorization in OAuth protocol. Cluster Comput 22 (Suppl 1), 1991–1999 (2019). https://doi.org/10.1007/s10586-017-1119-6
