An Authorization Framework with OAuth for FinTech Servers

Bayram Dogan Gocer; Serif Bahtiyar

doi:10.1109/UBMK.2019.8907182

An Authorization Framework with OAuth for FinTech Servers

Bayram Dogan Gocer
, Serif Bahtiyar

Bilgisayar Mühendisliği Bölümü

Istanbul Technical University

Araştırma sonucu: Kitap/Rapor/Konferans Bildirisinde Bölüm › Konferans katkısı › bilirkişi

4 Atıf (Scopus)

Özet

OAuth is used by many FinTech applications for authorization purposes and there are many implementations of OAuth protocol. Some of the implementations do not implement OAuth specifications correctly. This creates critical vulnerabilities on the FinTech applications that circumstances give rise a negative impact on FinTech companies. In this paper, we have analyzed 18 authorization servers that are used by FinTech applications. We have selected and analyzed resource servers (more than 100 applications) that use these OAuth servers to find their vulnerabilities. We have found some vulnerabilities on the flow of OAuth implementations. We propose a framework to reduce the implementation vulnerabilities on the flow. Our analyses results show that the proposed framework will help developers to reduce the most common vulnerabilities on OAuth flow.

Orijinal dil	İngilizce
Ana bilgisayar yayını başlığı	UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering
Yayınlayan	Institute of Electrical and Electronics Engineers Inc.
Sayfalar	536-541
Sayfa sayısı	6
ISBN (Elektronik)	9781728139647
DOI'lar	https://doi.org/10.1109/UBMK.2019.8907182
Yayın durumu	Yayınlandı - Eyl 2019
Etkinlik	4th International Conference on Computer Science and Engineering, UBMK 2019 - Samsun, Turkey Süre: 11 Eyl 2019 → 15 Eyl 2019

Yayın serisi

Adı	UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering

???event.eventtypes.event.conference???

???event.eventtypes.event.conference???	4th International Conference on Computer Science and Engineering, UBMK 2019
Ülke/Bölge	Turkey
Şehir	Samsun
Periyot	11/09/19 → 15/09/19

Bibliyografik not

Publisher Copyright:
© 2019 IEEE.

Finansman

This work is supported by Istanbul Technical University under the BAP project, number MAB-2017-40642.

Finansörler	Finansör numarası
Istanbul Teknik Üniversitesi	MAB-2017-40642

BM SKH

Bu sonuç, aşağıdaki Sürdürülebilir Kalkınma Hedefine/Hedeflerine katkıda bulunur

SKH 8 İnsana Yakışır İş ve Ekonomik Büyüme

Belgeye Erişim

10.1109/UBMK.2019.8907182

Diğer Dosyalar ve Linkler

Link to publication in Scopus

Alıntı Yap

Gocer, B. D., & Bahtiyar, S. (2019). An Authorization Framework with OAuth for FinTech Servers. In UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering (pp. 536-541). Makale 8907182 (UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/UBMK.2019.8907182

@inproceedings{63f20fa45cac4dfd96cde8316789e79f,

title = "An Authorization Framework with OAuth for FinTech Servers",

abstract = "OAuth is used by many FinTech applications for authorization purposes and there are many implementations of OAuth protocol. Some of the implementations do not implement OAuth specifications correctly. This creates critical vulnerabilities on the FinTech applications that circumstances give rise a negative impact on FinTech companies. In this paper, we have analyzed 18 authorization servers that are used by FinTech applications. We have selected and analyzed resource servers (more than 100 applications) that use these OAuth servers to find their vulnerabilities. We have found some vulnerabilities on the flow of OAuth implementations. We propose a framework to reduce the implementation vulnerabilities on the flow. Our analyses results show that the proposed framework will help developers to reduce the most common vulnerabilities on OAuth flow.",

keywords = "Authorization, FinTech, OAuth, Security, Vulnerability",

author = "Gocer, \{Bayram Dogan\} and Serif Bahtiyar",

note = "Publisher Copyright: {\textcopyright} 2019 IEEE.; 4th International Conference on Computer Science and Engineering, UBMK 2019 ; Conference date: 11-09-2019 Through 15-09-2019",

year = "2019",

month = sep,

doi = "10.1109/UBMK.2019.8907182",

language = "English",

series = "UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "536--541",

booktitle = "UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering",

address = "United States",

}

Gocer, BD & Bahtiyar, S 2019, An Authorization Framework with OAuth for FinTech Servers. in UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering., 8907182, UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering, Institute of Electrical and Electronics Engineers Inc., pp. 536-541, 4th International Conference on Computer Science and Engineering, UBMK 2019, Samsun, Turkey, 11/09/19. https://doi.org/10.1109/UBMK.2019.8907182

An Authorization Framework with OAuth for FinTech Servers. / Gocer, Bayram Dogan; Bahtiyar, Serif.
UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering. Institute of Electrical and Electronics Engineers Inc., 2019. p. 536-541 8907182 (UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering).

Araştırma sonucu: Kitap/Rapor/Konferans Bildirisinde Bölüm › Konferans katkısı › bilirkişi

TY - GEN

T1 - An Authorization Framework with OAuth for FinTech Servers

AU - Gocer, Bayram Dogan

AU - Bahtiyar, Serif

PY - 2019/9

Y1 - 2019/9

N2 - OAuth is used by many FinTech applications for authorization purposes and there are many implementations of OAuth protocol. Some of the implementations do not implement OAuth specifications correctly. This creates critical vulnerabilities on the FinTech applications that circumstances give rise a negative impact on FinTech companies. In this paper, we have analyzed 18 authorization servers that are used by FinTech applications. We have selected and analyzed resource servers (more than 100 applications) that use these OAuth servers to find their vulnerabilities. We have found some vulnerabilities on the flow of OAuth implementations. We propose a framework to reduce the implementation vulnerabilities on the flow. Our analyses results show that the proposed framework will help developers to reduce the most common vulnerabilities on OAuth flow.

AB - OAuth is used by many FinTech applications for authorization purposes and there are many implementations of OAuth protocol. Some of the implementations do not implement OAuth specifications correctly. This creates critical vulnerabilities on the FinTech applications that circumstances give rise a negative impact on FinTech companies. In this paper, we have analyzed 18 authorization servers that are used by FinTech applications. We have selected and analyzed resource servers (more than 100 applications) that use these OAuth servers to find their vulnerabilities. We have found some vulnerabilities on the flow of OAuth implementations. We propose a framework to reduce the implementation vulnerabilities on the flow. Our analyses results show that the proposed framework will help developers to reduce the most common vulnerabilities on OAuth flow.

KW - Authorization

KW - FinTech

KW - OAuth

KW - Security

KW - Vulnerability

UR - https://www.scopus.com/pages/publications/85076221014

U2 - 10.1109/UBMK.2019.8907182

DO - 10.1109/UBMK.2019.8907182

M3 - Conference contribution

AN - SCOPUS:85076221014

T3 - UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering

SP - 536

EP - 541

BT - UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 4th International Conference on Computer Science and Engineering, UBMK 2019

Y2 - 11 September 2019 through 15 September 2019

ER -

Gocer BD, Bahtiyar S. An Authorization Framework with OAuth for FinTech Servers. In UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering. Institute of Electrical and Electronics Engineers Inc. 2019. p. 536-541. 8907182. (UBMK 2019 - Proceedings, 4th International Conference on Computer Science and Engineering). doi: 10.1109/UBMK.2019.8907182

An Authorization Framework with OAuth for FinTech Servers

Özet

Yayın serisi

???event.eventtypes.event.conference???

Bibliyografik not

Finansman

BM SKH

Belgeye Erişim

Diğer Dosyalar ve Linkler

Parmak izi

Alıntı Yap