Signing into One Billion Mobile App Accounts Effortlessly with OAuth 2.0
@inproceedings{Yang2016SigningIO, title={Signing into One Billion Mobile App Accounts Effortlessly with OAuth 2.0}, author={R. Yang and W. Lau and T. Liu}, year={2016} }
The OAuth 2.0 protocol has been widely adopted by mainstream Identity Providers (IdPs) to support Single-Sign-On service. Since this protocol was originally designed to serve the authorization need for 3rd party websites, different pitfalls have been uncovered when adapting OAuth to support mobile app authentication. To the best of our knowledge, all the attacks discovered so far, including BlackHat USA’16 [3], CCS’14 [2] and ACSAC’15 [5], require interaction with the victim, for example via…
11 Citations
Exploitation and Mitigation of Authentication Schemes Based on Device-Public Information
- Computer Science
- ACSAC
- 2017
- 10
Vetting Single Sign-On SDK Implementations via Symbolic Reasoning
- Computer Science
- USENIX Security Symposium
- 2018
- 4
A Security Analysis Method of Security Protocol Implementation Based on Unpurified Security Protocol Trace and Security Protocol Implementation Ontology
- Computer Science
- IEEE Access
- 2019
A reference architecture and implementation enabling data protection in distributed eLearning and eScience processes
- Computer Science
- 2019
Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login
- Computer Science
- ACM Trans. Priv. Secur.
- 2020
- 1
References
Formal Analysis of a Single Sign-On Protocol Implementation for Android
- Computer Science
- 2015 20th International Conference on Engineering of Complex Computer Systems (ICECCS)
- 2015
- 16
Vulnerability Assessment of OAuth Implementations in Android Applications
- Computer Science
- ACSAC
- 2015
- 33
1000 ways to die in mobile OAuth
- BlackHat USA, 2016.
- 2016
OpenID Connect core 1.0
- The OpenID Foundation, p. S3, 2014.
- 2014