Article code | Journal code | Publication year | English article | Full-text version |
---|---|---|---|---|
6872818 | 1440624 | 2018 | 60-page PDF | Free download |
English title of the ISI article
Android single sign-on security: Issues, taxonomy and directions
Keywords
Related topics
Engineering and Basic Sciences
Computer Engineering
Computational Theory and Mathematics
English abstract
In this work, we first describe the OAuth 2.0 authorization code grant flow and the implicit grant flow in detail and summarize the differences between the Web environment and the Android environment that affect OAuth 2.0 security. Then, we summarize the security issues in the implementations of OAuth 2.0 on Android. These security issues include: storing client_secret or access token locally, using embedded WebView as user-agent, incorrect usage of authentication proof, handling redirection in mobile app improperly, lacking transmission protection and third-party app authentication. Attacks on these vulnerabilities, such as WebView hijacking, linking hijacking and phishing, as well as attack results are elaborated subsequently. Against these security issues and attacks, we summarize the related research work in terms of vulnerability analysis, defense, and protocol analysis. At last, we discuss the directions for mitigating these security issues and discuss some OAuth-based protocols for the IoT environment.
Publisher
Database: Elsevier - ScienceDirect
Journal: Future Generation Computer Systems - Volume 89, December 2018, Pages 402-420
Authors
Xing Liu, Jiqiang Liu, Wei Wang, Sencun Zhu