
Improved OAuth2.0 Protocol and Analysis of its Security

Cited by: 11
Abstract: With the wide application of the OAuth2.0 protocol, its security has received special attention. To enhance the security of OAuth2.0, this paper first introduces digital signatures and proposes an improved OAuth2.0 protocol that supports authentication of the resource owner and of the client by the authorization server. Then, in the computational model and based on the Blanchet calculus, correspondences are applied to model the authorization server's authentication of the resource owner and of the client. Finally, the authentication is analyzed and proved with the automated tool CryptoVerif.
Source: Computer Systems & Applications (《计算机系统应用》), 2014, No. 3, pp. 25-30, 39 (7 pages)
Funding: Natural Science Foundation of the State Ethnic Affairs Commission (12ZN008)
Keywords: authentication; computational model; automatic verification; security protocol
