Extending OAuth2.0 for Kerberos-like authentication to avoid Internet phishing attacks

The combined use of OpenID and OAuth for authentication and authorization is gaining popularity day by day on the Internet. Because they are simple to understand and use, and robust, they are used in many domains on the web, especially where the apps and user base are huge, as in social networking. Also it...

Bibliographic Details
Main Author: Vijayan, Anoop
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Master's thesis
Language: eng
Published: 2012
Online Access: https://jyx.jyu.fi/handle/123456789/73529
Description: The combined use of OpenID and OAuth for authentication and authorization is gaining popularity day by day on the Internet. Because they are simple to understand and use, and robust, they are used in many domains on the web, especially where the apps and user base are huge, as in social networking. The combination also reduces the burden of typing the password every time for authentication and authorization, especially on hand-held gadgets. After a simple problem scenario discussion, it is clear that the OpenID+OAuth combination has some drawbacks from the authentication perspective. The two major problems discussed here are those caused by the transfer of user credentials over the Internet and the complexity of setting up two protocols separately for authentication and authorization. Both problems are addressed by extending OAuth2.0. By using Kerberos-like authentication, the user has the possibility of not passing the credentials over the Internet. It is worth noting that OAuth2.0 also uses some kind of tokens for authorization, similar to Kerberos. It can be seen that extending OAuth2.0 to perform authentication removes the need for OpenID and its problems completely.
Advisor: Hämäläinen, Timo
Thesis type: Master's thesis (Pro gradu -tutkielma)
Discipline: Master's Degree Programme in Mobile Technology and Business
Keywords: OpenID, OAuth, Kerberos, Internet, authentication, phishing
Extent: 81
File format: application/pdf
Rights: In Copyright (https://rightsstatements.org/page/InC/1.0/)
Access level: openAccess
Date available in repository: 2021-01-04T07:37:36Z
URN: URN:NBN:fi:jyu-202101041010 (http://www.urn.fi/URN:NBN:fi:jyu-202101041010)
Full text (PDF): https://jyx.jyu.fi/bitstreams/67c611ee-eed0-432b-a380-7689a037aef9/download