Mitigating CSRF attacks on OAuth 2.0 Systems

Wanpeng Li; Chris J. Mitchell; Thomas Chen

doi:10.1109/PST.2018.8514180

Mitigating CSRF attacks on OAuth 2.0 Systems

Wanpeng Li, Chris J. Mitchell, Thomas Chen

Research output: Chapter in Book/Report/Conference proceeding › Published conference contribution

Abstract

Many millions of users routinely use Google, Facebook and Microsoft to log in to websites supporting OAuth 2.0 and/or OpenID Connect. The security of OAuth 2.0 and OpenID Connect is therefore of critical importance. Unfortunately, as previous studies have shown, real-world implementations of both schemes are often vulnerable to attack, and in particular to cross-site request forgery (CSRF) attacks. In this paper we propose a new and practical technique which can be used to mitigate CSRF attacks against both OAuth 2.0 and OpenID Connect.

Original language	English
Title of host publication	16th Annual Conference on Privacy, Security and Trust (PST)
Publisher	IEEE Explore
Pages	1-5
DOIs	https://doi.org/10.1109/PST.2018.8514180
Publication status	Published - 2018
Externally published	Yes

Access to Document

10.1109/PST.2018.8514180

Cite this

@inproceedings{431472aec0f44ea3a4625af37e0efcfb,

title = "Mitigating CSRF attacks on OAuth 2.0 Systems",

abstract = "Many millions of users routinely use Google, Facebook and Microsoft to log in to websites supporting OAuth 2.0 and/or OpenID Connect. The security of OAuth 2.0 and OpenID Connect is therefore of critical importance. Unfortunately, as previous studies have shown, real-world implementations of both schemes are often vulnerable to attack, and in particular to cross-site request forgery (CSRF) attacks. In this paper we propose a new and practical technique which can be used to mitigate CSRF attacks against both OAuth 2.0 and OpenID Connect.",

author = "Wanpeng Li and Mitchell, {Chris J.} and Thomas Chen",

year = "2018",

doi = "10.1109/PST.2018.8514180",

language = "English",

pages = "1--5",

booktitle = "16th Annual Conference on Privacy, Security and Trust (PST)",

publisher = "IEEE Explore",

}

TY - GEN

T1 - Mitigating CSRF attacks on OAuth 2.0 Systems

AU - Li, Wanpeng

AU - Mitchell, Chris J.

AU - Chen, Thomas

PY - 2018

Y1 - 2018

N2 - Many millions of users routinely use Google, Facebook and Microsoft to log in to websites supporting OAuth 2.0 and/or OpenID Connect. The security of OAuth 2.0 and OpenID Connect is therefore of critical importance. Unfortunately, as previous studies have shown, real-world implementations of both schemes are often vulnerable to attack, and in particular to cross-site request forgery (CSRF) attacks. In this paper we propose a new and practical technique which can be used to mitigate CSRF attacks against both OAuth 2.0 and OpenID Connect.

AB - Many millions of users routinely use Google, Facebook and Microsoft to log in to websites supporting OAuth 2.0 and/or OpenID Connect. The security of OAuth 2.0 and OpenID Connect is therefore of critical importance. Unfortunately, as previous studies have shown, real-world implementations of both schemes are often vulnerable to attack, and in particular to cross-site request forgery (CSRF) attacks. In this paper we propose a new and practical technique which can be used to mitigate CSRF attacks against both OAuth 2.0 and OpenID Connect.

UR - https://ieeexplore.ieee.org/abstract/document/8514180

U2 - 10.1109/PST.2018.8514180

DO - 10.1109/PST.2018.8514180

M3 - Published conference contribution

SP - 1

EP - 5

BT - 16th Annual Conference on Privacy, Security and Trust (PST)

PB - IEEE Explore

ER -

Mitigating CSRF attacks on OAuth 2.0 Systems

Abstract

Access to Document

Other files and links

Fingerprint

Cite this