Extending OAuth2.0 for Kerberos-like authentication to avoid Internet phishing attacks
Authors
Date
2012Discipline
Mobile Technology and Business (maisteriohjelma)Master's Degree Programme in Mobile Technology and BusinessCopyright
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The combined use of OpenID and OAuth for authentication and authorization is gaining
popularity day by day in Internet. Because of its simplicity to understand, use and robustness,
they are used in many domains in web, especially where the apps and user base are huge like
social networking. Also it reduces the burden of typing the password every time for
authentication and authorization especially in hand-held gadgets.
After a simple problem scenario discussion, it is clear that the OpenID+OAuth combination has
some drawbacks from the authentication perspective. The two major problems discussed here
include problems caused due to transfer of user credentials over Internet and complexity in
setting up of two protocols separately for authentication and authorization.
Both the problems are addressed by extending OAuth2.0. By using Kerberos-like authentication,
the user has the possibility of not passing the credentials over Internet. It is worth to note that,
OAuth2.0 also uses some kind of tokens for authorizations similar to Kerberos. It could be seen
that extending OAuth2.0 to perform authentication removes the need for OpenID and its
problems completely.
...
Metadata
Show full item recordCollections
- Pro gradu -tutkielmat [29561]
Related items
Showing items with similar title or keywords.
-
Exploring Azure Active Directory Attack Surface : Enumerating Authentication Methods with Open-Source Intelligence Tools
Syynimaa, Nestori (SCITEPRESS Science And Technology Publications, 2022)Azure Active Directory (Azure AD) is Microsoft’s identity and access management service used globally by 90 per cent of Fortune 500 companies and many other organisations. Recent attacks by nation-state adversaries have ... -
An Efficient and Privacy-Preserving Blockchain-Based Authentication Scheme for Low Earth Orbit Satellite Assisted Internet of Things
Wang, Biying; Chang, Zheng; Li, Shancang; Hämäläinen, Timo (Institute of Electrical and Electronics Engineers (IEEE), 2022)Recently, integrating satellite networks (e.g. Low-earth-orbit satellite constellation) into the Internet of Things (IoT) ecosystem has emerged as a potential paradigm to provide more reliable, ubiquitous and seamless ... -
Authorized authentication evaluation framework for constrained environments
Poikolainen, Janne (2016)Internetin kasvu ei perustu tällä hetkellä vain uusien solmujen määrään, vaan Internet on levittäytymässä aivan uusille alueille. Viimeaikoina erilaiset tavat kerätä tietoa ja ohjata laitteita uusin tavoin ovat yleistyneet ... -
The State of Phishing : An Analysis on The Indicators of Phishing Attacks
Airaksinen, Miku (2022)Tämän Pro Gradu -tutkielman tavoitteena oli analysoida kalasteluviestinnän sisältöä ja määritellä ne viestinnän piirteet, jotka viestinnän vastaanottava käyttäjä pystyy tunnistamaan kalastelun indikaattoreiksi. Tätä työtä ... -
Protecting against social engineering attacks in a corporate environment
Ali-Kovero, Jouni (2020)Tämän Pro gradu –tutkielman tarkoitus on tutkia yritysten tapoja suojautua käyttäjän manipulointiin (eng. Social Engineering) pyrkiviltä hyökkäyksiltä. Tutkielma toteutettiin kirjallisuuskatsauksen ja haastatteluihin ...