Security Issues in OAuth 2.0 SSO Implementations
- Submitting institution
- University of Aberdeen
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 171416642
- Type
- E - Conference contribution
- DOI
- 10.1007/978-3-319-13257-0_34
- Title of conference / published proceedings
- International Conference on Information Security
- First page
- 529
- Volume
- 8783
- Issue
- -
- ISSN
- 0302-9743
- Open access status
- Out of scope for open access requirements
- Month of publication
- October
- Year of publication
- 2014
- URL
- -
- Supplementary information
- -
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
- 1
- Research group(s)
- -
- Citation count
- -
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- We report on a detailed study of OAuth 2.0 implementation security for ten major identity providers (IdPs) and 60 relying parties (RPs), all based in China. This work is significant as the first field study of OAuth 2.0 systems in China, and it reveals two critical vulnerabilities which allow an attacker to control a victim user's accounts at a relying party without knowing the user's account name or password. This work also helped many IdPs and RPs improve the security of their OAuth 2.0 systems. Ctrip acknowledged the findings of the paper by listing Dr Li in its Hall of Fame (https://sec.ctrip.com/ranking/2014/).
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -