Mitigating CSRF attacks on OAuth 2.0 Systems
Li, W., Mitchell, C. J. & Chen, T. 
ORCID: 0000-0001-8037-1685 (2018).
Mitigating CSRF attacks on OAuth 2.0 Systems.
In:
2018 16th Annual Conference on Privacy, Security and Trust (PST).
16th Annual Conference on Provacy, Security and Trust (PST), 28-30 August 2018, Belfast, Northern Ireland, United Kingdom.
doi: 10.1109/PST.2018.8514180
Abstract
Many millions of users routinely use Google, Facebook and Microsoft to log in to websites supporting OAuth 2.0 and/or OpenID Connect. The security of OAuth 2.0 and OpenID Connect is therefore of critical importance. Unfortunately, as previous studies have shown, real-world implementations of both schemes are often vulnerable to attack, and in particular to crosssite request forgery (CSRF) attacks. In this paper we propose a new and practical technique which can be used to mitigate CSRF attacks against both OAuth 2.0 and OpenID Connect. Index Terms-OAuth 2.0, OpenID Connect, CSRF.
| Publication Type: | Conference or Workshop Item (Paper) |
|---|---|
| Additional Information: | © 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. |
| Subjects: | T Technology > TK Electrical engineering. Electronics Nuclear engineering |
| Departments: | School of Science & Technology > Engineering |
Download (126kB) | Preview
Export
Downloads
Downloads per month over past year
Metadata
MetadataActions (login required)
Admin Login