Security Analysis of Attack Surfaces on the Grant Negotiation and Authorization Protocol
Type
Master's thesis
Published
2021
Authors
Axeland, Åke
Oueidat, Omar
Abstract
Accessibility is a booming practice, and the number of applications that incorporate easy authentication and authorization is increasing. OAuth 2.0 is a framework created to integrate resource-holding platforms easily with a client application, giving users the opportunity to access their resources by different means while storing them in only one place. Because resources are often confidential or private, the security of such frameworks is imperative. GNAP is a new protocol inspired by OAuth 2.0, created with the intention of upholding the security standards of modern application usage. This thesis tests GNAP and its robustness against legacy attacks targeting OAuth 2.0. The tests consist of vulnerable redirect URI attacks, access code hijacking, CSRF, and AS (authorization server) mix-up attacks. Results show that, due to GNAP's cryptography-based design, attacks that rely on data manipulation or additional input are not possible in the environment created for the thesis. However, given the less secured client instance in the protocol, AS mix-up attacks are possible in a niche environment under the assumptions made in the thesis.
Subject/keywords
OAuth 2.0, OAuth 2.1, GNAP, authentication, authorization, security