Skip to main content
Conference ProceedingsOPEN ACCESS

Verifying OAuth implementations through encrypted network analysis

Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT (2019) 227-229
DOI: 10.1145/3322431.3326449
2Citations
Citations of this article
5Readers
Mendeley users who have this article in their library.

Abstract

Verifying protocol implementations via application analysis can be cumbersome. Rapid development cycles of both the protocol and applications that use it can hinder up-to-date analysis. A better approach is to use formal models to characterize the applications platform and then verify the protocol through analysis of the network traffic tied to the models. To test this method, the popular protocol OAuth is considered. Currently, formal models of OAuth do not take into consideration the mobile environment, and implementation verification is largely based on code analysis. Our preliminary results are two fold; we sketch an extension to a formal model that incorporates the specifics of the Android platform and classify OAuth device types using machine learning on encrypted VPN traffic.

Author supplied keywords

References Powered by Scopus

A comprehensive formal security analysis of OAuth 2.0

Proceedings of the ACM Conference on Computer and Communications Security
147Citations
N/AReaders
Get full text

OAuth demystified for mobile application developers

Proceedings of the ACM Conference on Computer and Communications Security
129Citations
N/AReaders
Get full text

Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach

Proceedings - 2nd IEEE European Symposium on Security and Privacy, EuroS and P 2017
114Citations
N/AReaders
Get full text
View more at Scopus

Cited by Powered by Scopus

Detecting Devices and Protocols on VPN-Encrypted Networks

2020 6th International Conference on Mobile and Secure Services, MOBISECSERV 2020
1Citations
N/AReaders
Get full text

Why Protocols Fail to Transition to Mobile Domains

2020 6th International Conference on Mobile and Secure Services, MOBISECSERV 2020
0Citations
N/AReaders
Get full text
View more at Scopus

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Cite

CITATION STYLE

APA

Talkington, J., Dantu, R., & Morozov, K. (2019). Verifying OAuth implementations through encrypted network analysis. In Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT (pp. 227–229). Association for Computing Machinery. https://doi.org/10.1145/3322431.3326449

Readers' Seniority

Tooltip

PhD / Post grad / Masters / Doc 3

100%

Readers' Discipline

Tooltip

Engineering 2

67%

Computer Science 1

33%

Save time finding and organizing research with Mendeley

Sign up for free