[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content
Springer Nature Link
Log in

Verification of OAuth 2.0 Using UPPAAL

  • Conference paper
  • First Online:
Social Transformation – Digital Way (CSI 2018)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 836))

Included in the following conference series:

Abstract

Web services are software services that are accessible over the internet through a set of application program interfaces (APIs). The security of these APIs is a major concern because of their loose coupling, and protection mechanisms are needed to safeguard them from attacks. The simplest of these mechanisms are authentication and authorization. A client that requests access to a web API should be authorized by an end-user who has been authenticated by an authorization server. OAuth 2.0 can be used to achieve this protection. The security properties of a widely used protocol such as OAuth 2.0 should be verified, since many systems depend on this protocol for protection. This paper focuses on verifying three important classes of properties of OAuth 2.0, namely safety, liveness, and absence of deadlock. A model of the OAuth protocol was developed using UPPAAL, a tool used for modeling and verification. This model consists of four finite state machines, one representing each of the roles in OAuth 2.0, and the properties of interest were verified using this model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 71.50
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 89.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Mouli, V.R., Jevitha, K.: Web services attacks and security-a systematic literature review. Procedia Comput. Sci. 93, 870–877 (2016)

    Article  Google Scholar 

  2. Poornachandran, P., Nithun, M., Pal, S., Ashok, A., Ajayan, A.: Password reuse behavior: how massive online data breaches impacts personal data in web. In: Saini, H.S., Sayal, R., Rawat, S.S. (eds.) Innovations in Computer Science and Engineering. AISC, vol. 413, pp. 199–210. Springer, Singapore (2016). https://doi.org/10.1007/978-981-10-0419-3_24

    Chapter  Google Scholar 

  3. Franks, J., et al.: HTTP authentication: basic and digest access authentication. Technical report (1999)

    Google Scholar 

  4. Luo, X., Chen, Y., Gu, M., Wu, L.: Model checking needham-schroeder security protocol based on temporal logic of knowledge. In: 2009 International Conference on Networks Security, Wireless Communications and Trusted Computing. NSWCTC 2009, vol. 2, pp. 551–554. IEEE (2009)

    Google Scholar 

  5. Díaz, G., Cuartero, F., Valero, V., Pelayo, F.: Automatic verification of the TLS handshake protocol. In: Proceedings of the 2004 ACM Symposium on Applied Computing, pp. 789–794. ACM (2004)

    Google Scholar 

  6. Yuan, T., et al.: Formalization and verification of REST on HTTP using CSP. Electron. Notes Theor. Comput. Sci. 309, 75–93 (2014)

    Article  Google Scholar 

  7. Yan, H., Fang, H., Kuka, C., Zhu, H.: Verification for OAuth using ASLan++. In: 2015 IEEE 16th International Symposium on High Assurance Systems Engineering (HASE), pp. 76–84. IEEE (2015)

    Google Scholar 

  8. Fett, D., Küsters, R., Schmitz, G.: A comprehensive formal security analysis of OAuth 2.0. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1204–1215. ACM (2016)

    Google Scholar 

  9. Pai, S., Sharma, Y., Kumar, S., Pai, R.M., Singh, S.: Formal verification of OAuth 2.0 using alloy framework. In: 2011 International Conference on Communication Systems and Network Technologies (CSNT), pp. 655–659. IEEE (2011)

    Google Scholar 

  10. Richer, J., Sanso, A.: OAuth 2 in Action. Manning Publications, Shelter Island (2017)

    Google Scholar 

  11. Hardt, D.: The OAuth 2.0 authorization framework (2012)

    Google Scholar 

  12. Lodderstedt, T., McGloin, M., Hunt, P.: OAuth 2.0 threat model and security considerations (2013)

    Google Scholar 

  13. Behrmann, G., David, A., Larsen, K.G.: A tutorial on UPPAAL 4.0 (2006, 2014). URL http://www.it.uu.se/research/group/darts/papers/texts/new-tutorial.pdf

  14. Larsen, K.G., Pettersson, P., Yi, W.: Uppaal in a nutshell. Int. J. Softw. Tools Technol. Transf. (STTT) 1(1), 134–152 (1997)

    Article  Google Scholar 

  15. Baier, C., Katoen, J.P., Larsen, K.G.: Principles of Model Checking. MIT Press, Cambridge (2008)

    MATH  Google Scholar 

  16. Sabnani, K.: An algorithmic technique for protocol verification. IEEE Trans. Commun. 36(8), 924–931 (1988)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. TIFAC-CORE in Cyber Security, Amrita Vishwa Vidyapeetham, Coimbatore, India

    K. S. Jayasri

  2. Department of Computer Science and Engineering, Amrita Vishwa Vidyapeetham, Coimbatore, India

    K. P. Jevitha

  3. Department of Computer Science and Engineering, State University of New York at Buffalo, Buffalo, USA

    B. Jayaraman

Authors
  1. K. S. Jayasri
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. K. P. Jevitha
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. B. Jayaraman
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to K. S. Jayasri .

Editor information

Editors and Affiliations

  1. Kalyani University, Kalyani, India

    Jyotsna Kumar Mandal

  2. University of Calcutta, Kolkata, India

    Devadatta Sinha

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Jayasri, K.S., Jevitha, K.P., Jayaraman, B. (2018). Verification of OAuth 2.0 Using UPPAAL. In: Mandal, J., Sinha, D. (eds) Social Transformation – Digital Way. CSI 2018. Communications in Computer and Information Science, vol 836. Springer, Singapore. https://doi.org/10.1007/978-981-13-1343-1_7

Download citation

  • DOI: https://doi.org/10.1007/978-981-13-1343-1_7

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-1342-4

  • Online ISBN: 978-981-13-1343-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation