Security Analysis of Attack Surfaces on the Grant Negotiation and Authorization Protocol

Master's thesis

Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.12380/304105
File: CSE 21-100 Oueidat Axeland.pdf (1.5 MB, Adobe PDF)
Bibliographical item details
Type: Master's thesis
Title: Security Analysis of Attack Surfaces on the Grant Negotiation and Authorization Protocol
Authors: Axeland, Åke; Oueidat, Omar
Abstract: Accessibility is a booming practice, with a growing number of applications incorporating easy authentication and authorization. OAuth 2.0 is a framework created to easily integrate resourceful platforms with a client application, giving users the opportunity to access their resources by different means while only storing them in one place. Because resources are often confidential or private, the security of such frameworks is imperative. GNAP is a new protocol inspired by OAuth 2.0, created with the intention to uphold security standards of modern application usage. This thesis tests GNAP and its robustness against legacy attacks targeting OAuth 2.0. The tests consist of vulnerable redirect URI attacks, access code hijacking, CSRF, and AS mix-up attacks. Results show that due to GNAP’s cryptography-based design, attacks that utilize data manipulation or additional input are not possible in the environment created for the thesis. However, given the less secured client instance in the protocol, AS mix-up attacks are possible in a niche environment given the assumptions made in the thesis.
Keywords: OAuth 2.0; OAuth 2.1; GNAP; authentication; authorization; security
Issue Date: 2021
Publisher: Chalmers tekniska högskola / Institutionen för data och informationsteknik
URI: https://hdl.handle.net/20.500.12380/304105
Collection: Examensarbeten för masterexamen // Master Theses


