A study on secure user authentication and authorization in OAuth protocol

When a client is developed against a social network service, it usually follows the OAuth protocol. OAuth is the protocol most widely used by companies that provide social network services, such as Google, Facebook and Twitter: it does not expose the user's credentials to the third party, and it was designed to grant a client the right to access the user's resources. However, if the user's authentication information is exposed on the network to an attacker, it can be misused. The general security vulnerabilities that can occur in the OAuth protocol can be classified as replay attacks, phishing attacks and impersonation attacks. To resolve these vulnerabilities, this paper therefore authenticates the resource owner by e-mail before the Access Token is issued, so that the access token is issued safely, and then splits the Access Token into shares and stores them in a distributed way. With the proposed method, the e-mail authentication keeps the attacker's authentication success rate below 0.8%, which confirms that it is safer than the existing method. Because the access token is split and stored in a distributed way, an attacker who obtains some of the user's information still cannot use it for user authentication. When the access token is split into seven or more shares, it can be confirmed that, as with the e-mail authentication, the token remains usable, since the release time of the access token is 10 minutes or more.
