http://dx.doi.org/10.7472/jksii.2015.16.1.21

The Extended Authentication Protocol using E-mail Authentication in OAuth 2.0 Protocol for Secure Granting of User Access  

Chae, Cheol-Joo (Dept. of R&D System Development, Korea Institute of Science and Technology Information)
Choi, Kwang-Nam (Dept. of R&D System Development, Korea Institute of Science and Technology Information)
Choi, Kiseok (Dept. of R&D System Development, Korea Institute of Science and Technology Information)
Yae, Yong-Hee (Dept. of R&D System Development, Korea Institute of Science and Technology Information)
Shin, YounJu (Dept. of R&D System Development, Korea Institute of Science and Technology Information)
Publication Information
Journal of Internet Computing and Services / v.16, no.1, 2015, pp. 21-28
Abstract
A wide variety of web services and applications are currently available to users. Such services restrict access to authorized users only, so users often have to go through the inconvenience of authenticating to each service every time. To resolve this inconvenience, third-party applications using the OAuth (Open Authorization) protocol, which can provide restricted access to different web services, have appeared. The OAuth protocol provides applicable and flexible services to its users, but it is exposed to replay attacks, phishing attacks, and impersonation attacks. We therefore propose a method in which the Access Token can be issued after authentication using e-mail authentication. In the proposed method, the authentication success rate of a regular user is high when the value is 5 minutes. For an attacker, however, the probability of being authenticated within 5 minutes is no more than 0.3% compared with the regular user.
Keywords
OAuth Protocol; Authorization; Authentication; Access Token; E-mail Authentication;