Security Analysis of Attack Surfaces on the Grant Negotiation and Authorization Protocol

Typ
Examensarbete för masterexamen
Program
Publicerad
2021
Författare
Axeland, Åke
Oueidat, Omar
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
Accessibility is a booming practice, with applications incorporating easy authentication and authorization increasing. OAuth 2.0 is a framework created to easily integrate resourceful platforms with a client application, giving users the opportunity to access their resources in different means while only storing them in one place. Due to resources often being confidential or private the security of such frameworks is imperative. GNAP is a new protocol inspired by OAuth 2.0, created with the intention to uphold security standards of modern application usage. This thesis tests GNAP and its robustness against legacy attacks targeting OAuth 2.0. The tests consist of vulnerable redirect URI attacks, access code hijacking, CSRF, and AS mix-up attacks. Results show that due to GNAP’s cryptographic-based design, attacks that utilize data manipulation or additional input are not possible in the environment created for the thesis. However, given the less secured client instance in the protocol, AS mix-up attacks are possible in a niche environment given the assumptions made in the thesis.
Beskrivning
Ämne/nyckelord
OAuth 2.0 , OAuth 2.1 , GNAP , authentication , authorization , security
Citation
Arkitekt (konstruktör)
Geografisk plats
Byggnad (typ)
Byggår
Modelltyp
Skala
Teknik / material
Index