City Research Online

Mitigating CSRF attacks on OAuth 2.0 Systems

Li, W., Mitchell, C. J. and Chen, T. ORCID: 0000-0001-8037-1685 (2018). Mitigating CSRF attacks on OAuth 2.0 Systems. 2018 16th Annual Conference on Privacy, Security and Trust (PST), pp. 280-284. doi: 10.1109/PST.2018.8514180 ISSN 1712-364X

Abstract

Many millions of users routinely use Google, Facebook and Microsoft to log in to websites supporting OAuth 2.0 and/or OpenID Connect. The security of OAuth 2.0 and OpenID Connect is therefore of critical importance. Unfortunately, as previous studies have shown, real-world implementations of both schemes are often vulnerable to attack, and in particular to crosssite request forgery (CSRF) attacks. In this paper we propose a new and practical technique which can be used to mitigate CSRF attacks against both OAuth 2.0 and OpenID Connect. Index Terms-OAuth 2.0, OpenID Connect, CSRF.

Publication Type: Conference or Workshop Item (Paper)
Additional Information: © 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
Departments: School of Mathematics, Computer Science & Engineering > Engineering > Electrical & Electronic Engineering
URI: http://openaccess.city.ac.uk/id/eprint/21570
[img]
Preview
Text - Published Version
Download (126kB) | Preview

Export

Downloads

Downloads per month over past year

View more statistics

Actions (login required)

Admin Login Admin Login