• DocumentCode
    693663
  • Title
    How to grant less permissions to facebook applications
  • Author
    Costantino, Gianpiero ; Martinelli, F. ; Sgandurra, Daniele
  • Author_Institution
    Ist. di Inf. e Telematica, Consiglio Naz. delle Ric., Pisa, Italy
  • fYear
    2013
  • fDate
    4-6 Dec. 2013
  • Firstpage
    55
  • Lastpage
    60
  • Abstract
    Single Sign-On (SSO) is an authentication procedure that allows users to adopt the same credentials to access multiple services. On the other hand, OAuth 2.0 is a protocol that enables authorized applications to access data that are stored in a resource server. A practical example of the adoption of SSO with OAuth 2.0 is given by all the websites or applications that use the “Log in with Facebook” procedure to authenticate users already registered with Facebook. In this paper, we propose a mechanism that exploits a weakness of OAuth 2.0 and a missing control of the website to show how it is possible to register a user by reducing the number of scopes that the website requires with the “Log in with Facebook” procedure. Finally, we illustrate two examples that exploit the proposed mechanism and provide a solution to address the problem.
  • Keywords
    authorisation; social networking (online); Facebook applications; OAuth; Web sites; authentication procedure; single sign-on; Facebook; Servers; OAuth 2.0; Social Networks; permissions; security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance and Security (IAS), 2013 9th International Conference on
  • Conference_Location
    Gammarth
  • Print_ISBN
    978-1-4799-2989-4
  • Type
    conf
  • DOI
    10.1109/ISIAS.2013.6947733
  • Filename
    6947733