Corpus ID: 86867153

Signing into One Billion Mobile App Accounts Effortlessly with OAuth 2.0

Authors: R. Yang, W. Lau and T. Liu
The OAuth2.0 protocol has been widely adopted by mainstream Identity Providers (IdPs) to support Single-Sign-On service. Since this protocol was originally designed to serve the authorization need for 3rd party websites, different pitfalls have been uncovered when adapting OAuth to support mobile app authentication. To the best of our knowledge, all the attacks discovered so far, including BlackHat USA’16 [3], CCS’14 [2] and ACSAC’15 [5], require interaction with the victim, for example via…
11 Citations
SVAuth - A Single-Sign-On Integration Solution with Runtime Verification
Vetting Single Sign-On SDK Implementations via Symbolic Reasoning
Location Security and Privacy: An LTE Based Approach
Decentralized Action Integrity for Trigger-Action IoT Platforms
IoT Threats to the Smart Grid: A Framework for Analyzing Emerging Risks
Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login


Formal Analysis of a Single Sign-On Protocol Implementation for Android
OAuth Demystified for Mobile Application Developers
Vulnerability Assessment of OAuth Implementations in Android Applications
1000 ways to die in mobile OAuth
  • BlackHat USA, 2016.
OpenID Connect core 1.0
  • The OpenID Foundation, p. S3, 2014.