کد مقاله کد نشریه سال انتشار مقاله انگلیسی نسخه تمام متن
6872818 1440624 2018 60 صفحه PDF دانلود رایگان
عنوان انگلیسی مقاله ISI
Android single sign-on security: Issues, taxonomy and directions
موضوعات مرتبط
مهندسی و علوم پایه مهندسی کامپیوتر نظریه محاسباتی و ریاضیات
پیش نمایش صفحه اول مقاله
Android single sign-on security: Issues, taxonomy and directions
چکیده انگلیسی
In this work, we first describe the OAuth 2.0 authorization code grant flow and the implicit grant flow in detail and summarize the differences between the Web environment and the Android environment that affect OAuth 2.0 security. Then, we summarize the security issues in the implementations of OAuth 2.0 on Android. These security issues include: storing client_secret or access token locally, using embedded WebView as user-agent, incorrect usage of authentication proof, handling redirection in mobile app improperly, lacking transmission protection and third-party app authentication. Attacks on these vulnerabilities, such as WebView hijacking, linking hijacking and phishing, as well as attack results are elaborated subsequently. Against these security issues and attacks, we summarize the related research work in terms of vulnerability analysis, defense, and protocol analysis. At last, we discuss the directions for mitigating these security issues and discuss some OAuth-based protocols for the IoT environment.
ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Future Generation Computer Systems - Volume 89, December 2018, Pages 402-420
نویسندگان
, , , ,