Unified Singular Protocol Flow for OAuth (USPFO) Ecosystem
- URL: http://arxiv.org/abs/2301.12496v3
- Date: Wed, 2 Aug 2023 17:42:35 GMT
- Title: Unified Singular Protocol Flow for OAuth (USPFO) Ecosystem
- Authors: Jaimandeep Singh and Naveen Kumar Chaudhary
- Abstract summary: We propose a new approach for the OAuth ecosystem that combines different client and grant types into a unified singular protocol flow for OAuth (USPFO).
USPFO aims to reduce the vulnerabilities associated with implementing and configuring different client types and grant types.
It provides built-in protections against known OAuth 2.0 vulnerabilities such as client impersonation, token (or code) theft and replay attacks through integrity, authenticity, and audience binding.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: OAuth 2.0 is a popular authorization framework that allows third-party clients such as websites and mobile apps to request limited access to a user's account on another application. The specification classifies clients into different types based on their ability to keep client credentials confidential. It also describes different grant types for obtaining access to the protected resources, with the authorization code and implicit grants being the most commonly used. Each client type and associated grant type have their own security and usability considerations. In this paper, we propose a new approach for the OAuth ecosystem that combines different client and grant types into a unified singular protocol flow for OAuth (USPFO), which can be used by both confidential and public clients. This approach aims to reduce the vulnerabilities associated with implementing and configuring different client types and grant types. Additionally, it provides built-in protections against known OAuth 2.0 vulnerabilities such as client impersonation, token (or code) theft and replay attacks through integrity, authenticity, and audience binding. The proposed USPFO is largely compatible with existing Internet Engineering Task Force (IETF) Proposed Standard Requests for Comments (RFCs), OAuth 2.0 extensions and active Internet-Drafts.
Related papers
- Active-Passive Federated Learning for Vertically Partitioned Multi-view Data (arXiv, 2024-09-06)
  We propose a flexible Active-Passive Federated learning (APFed) framework.
  The active client is the initiator of a learning task and is responsible for building the complete model, while the passive clients only serve as assistants.
  In addition, we instantiate the APFed framework into two classification methods by employing the reconstruction loss and the contrastive loss on passive clients, respectively.
- The Emperor is Now Clothed: A Secure Governance Framework for Web User Authentication through Password Managers (arXiv, 2024-07-09)
  Existing approaches to facilitate the interaction between password managers and web applications fall short of providing adequate functionality and mitigation strategies against prominent attacks.
  We propose Berytus, a browser-based governance framework that mediates the interaction between password managers and web applications.
- Attribute-Based Authentication in Secure Group Messaging for Distributed Environments (arXiv, 2024-05-20)
  Messaging Layer Security (MLS) and its underlying Continuous Group Key Agreement protocol allow a group of users to share a cryptographic secret in a dynamic manner.
  The use of digital certificates for authentication in a group goes against the group members' privacy.
  We provide an alternative method of authentication in which the solicitors, instead of revealing their identity, only need to prove possession of certain attributes.
- A Novel Protocol Using Captive Portals for FIDO2 Network Authentication (arXiv, 2024-02-20)
  We introduce FIDO2CAP: FIDO2 Captive-portal Authentication Protocol.
  We develop a prototype of FIDO2CAP authentication in a mock scenario.
  This work makes the first systematic approach for adapting network authentication to the new authentication paradigm relying on FIDO2 authentication.
- SOAP: A Social Authentication Protocol (arXiv, 2024-02-05)
  We formally define social authentication, present a protocol called SOAP that largely automates social authentication, formally prove SOAP's security, and demonstrate SOAP's practicality.
  One prototype is web-based, and the other is implemented in the open-source Signal messaging application.
- FedSOV: Federated Model Secure Ownership Verification with Unforgeable Signature (arXiv, 2023-05-10)
  Federated learning allows multiple parties to collaborate in learning a global model without revealing private data.
  We propose a cryptographic signature-based federated learning model ownership verification scheme named FedSOV.
- Model Barrier: A Compact Un-Transferable Isolation Domain for Model Intellectual Property Protection (arXiv, 2023-03-20)
  We propose a novel approach called Compact Un-Transferable Isolation Domain (CUTI-domain).
  CUTI-domain acts as a barrier to block illegal transfers from authorized to unauthorized domains.
  We show that CUTI-domain can be easily implemented as a plug-and-play module with different backbones.
- Secure access system using signature verification over tablet PC (arXiv, 2023-01-11)
  We describe a highly versatile and scalable prototype for Web-based secure access using signature verification.
  The proposed architecture can be easily extended to work with different kinds of sensors and large-scale databases.
- Resilient Risk based Adaptive Authentication and Authorization (RAD-AA) Framework (arXiv, 2022-08-04)
  We discuss the design considerations for a secure and resilient authentication and authorization framework capable of self-adapting based on the risk scores and trust profiles.
  We call this framework Resilient Risk based Adaptive Authentication and Authorization (RAD-AA).
- Towards Bidirectional Protection in Federated Learning (arXiv, 2020-10-02)
  F2ED-LEARNING offers bidirectional defense against a malicious centralized server and Byzantine malicious clients.
  F2ED-LEARNING securely aggregates each shard's update and launches FilterL2 on updates from different shards.
  Evaluation shows that F2ED-LEARNING consistently achieves optimal or close-to-optimal performance.