City Research Online

Mitigating CSRF attacks on OAuth 2.0 Systems

Li, W., Mitchell, C. J. & Chen, T. ORCID: 0000-0001-8037-1685 (2018). Mitigating CSRF attacks on OAuth 2.0 Systems. In: 2018 16th Annual Conference on Privacy, Security and Trust (PST). 16th Annual Conference on Provacy, Security and Trust (PST), 28-30 August 2018, Belfast, Northern Ireland, United Kingdom. doi: 10.1109/PST.2018.8514180


Many millions of users routinely use Google, Facebook and Microsoft to log in to websites supporting OAuth 2.0 and/or OpenID Connect. The security of OAuth 2.0 and OpenID Connect is therefore of critical importance. Unfortunately, as previous studies have shown, real-world implementations of both schemes are often vulnerable to attack, and in particular to crosssite request forgery (CSRF) attacks. In this paper we propose a new and practical technique which can be used to mitigate CSRF attacks against both OAuth 2.0 and OpenID Connect. Index Terms-OAuth 2.0, OpenID Connect, CSRF.

Publication Type: Conference or Workshop Item (Paper)
Additional Information: © 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
Departments: School of Science & Technology > Engineering
[thumbnail of mcaoo2.pdf]
Text - Published Version
Download (126kB) | Preview


Add to AnyAdd to TwitterAdd to FacebookAdd to LinkedinAdd to PinterestAdd to Email


Downloads per month over past year

View more statistics

Actions (login required)

Admin Login Admin Login