http://dx.doi.org/10.14400/JDC.2014.12.8.289

Secure User Authority Authentication Method in the Open Authorization  

Chae, Cheol-Joo (Dept. of R&D System Development, Korea Institute of Science and Technology Information)
Lee, June-Hwan (Dept. of Smart Mobile, Far East University)
Cho, Han-Jin (Dept. of Smart Mobile, Far East University)
Publication Information
Journal of Digital Convergence / v.12, no.8, 2014, pp. 289-294
Abstract
Recently, various web services and applications have been provided to users. Because these services are provided only to authenticated users, the user has the inconvenience of authenticating with each service every time. The OAuth (Open Authorization) protocol, through which a 3rd-party application acquires limited access privileges on a web service, appeared in order to resolve this inconvenience. The OAuth protocol provides a service that is convenient and flexible for the user, but it has security vulnerabilities in authorization acquisition. Therefore, we analyze the security vulnerabilities that can arise in the OAuth 2.0 protocol and propose a secure user authority authentication method.
Keywords
Open Authorization; OAuth Vulnerability; Authorization; Authentication; Security;