Cluster Computing, Volume 22, Supplement 1, pp 1991–1999

A study on secure user authentication and authorization in OAuth protocol

  • Cheol-Joo Chae
  • Ki-Bong Kim
  • Han-Jin Cho


Clients that integrate with a social network service generally follow the OAuth protocol. OAuth is the protocol most widely used by companies that provide social network services, such as Google, Facebook and Twitter: it does not expose the user's credentials to a third party and was developed to grant access rights to the user's resources. However, if the user's authentication information is exposed on the network to an attacker, it can be misused. The general security vulnerabilities that can occur in the OAuth protocol can be classified as replay attacks, phishing attacks and impersonation attacks. To address these vulnerabilities, the proposed method authenticates the resource owner by e-mail before the access token is issued, so that the access token is issued safely, and then distributes the access token and stores it in distributed form. With e-mail authentication, the proposed method confirms an attacker authentication success rate of less than 0.8%, which is safer than the existing method. Because the access token is distributed and stored, an attacker who obtains some of the user's information still cannot use it for user authentication. When the access token is distributed into seven or more parts, the release time of the access token is 10 min or greater, so it can be used in the same way as in e-mail authentication.


Keywords: OAuth protocol, Authentication, Authorization, Access token



This work was supported by the Far East University Research Grant (FEU2016S01).



Copyright information

© Springer Science+Business Media, LLC 2017

Authors and Affiliations

  1. Korea National College of Agriculture and Fisheries, Jeonju, Republic of Korea
  2. Department of Computer Information, Daejeon Health Science College, Daejeon, Republic of Korea
  3. Department of Smart Mobile, Far East University, Eumseong, Republic of Korea
