prikaz prve stranice dokumenta Analiza ranjivosti protokola OAuth 2.0
No public access
master's thesis
Analiza ranjivosti protokola OAuth 2.0
Zagreb: University of Zagreb, Faculty of Electrical Engineering and Computing, 2020. urn:nbn:hr:168:503528
Bijelić, Adrian
University of Zagreb
Faculty of Electrical Engineering and Computing

Institutional repository: FER Repository

Cite this document

Bijelić, A. (2020). Analiza ranjivosti protokola OAuth 2.0 (Master's thesis). Zagreb: University of Zagreb, Faculty of Electrical Engineering and Computing. Retrieved from https://urn.nsk.hr/urn:nbn:hr:168:503528

Bijelić, Adrian. "Analiza ranjivosti protokola OAuth 2.0." Master's thesis, University of Zagreb, Faculty of Electrical Engineering and Computing, 2020. https://urn.nsk.hr/urn:nbn:hr:168:503528

Bijelić, Adrian. "Analiza ranjivosti protokola OAuth 2.0." Master's thesis, University of Zagreb, Faculty of Electrical Engineering and Computing, 2020. https://urn.nsk.hr/urn:nbn:hr:168:503528

Bijelić, A. (2020). 'Analiza ranjivosti protokola OAuth 2.0', Master's thesis, University of Zagreb, Faculty of Electrical Engineering and Computing, accessed 25 June 2024, https://urn.nsk.hr/urn:nbn:hr:168:503528

Bijelić A. Analiza ranjivosti protokola OAuth 2.0 [Master's thesis]. Zagreb: University of Zagreb, Faculty of Electrical Engineering and Computing; 2020 [cited 2024 June 25] Available at: https://urn.nsk.hr/urn:nbn:hr:168:503528

A. Bijelić, "Analiza ranjivosti protokola OAuth 2.0", Master's thesis, University of Zagreb, Faculty of Electrical Engineering and Computing, Zagreb, 2020. Available at: https://urn.nsk.hr/urn:nbn:hr:168:503528

Metadata
TitleAnaliza ranjivosti protokola OAuth 2.0
Title (english)OAuth 2.0 Protocol Vulnerability Analysis
AuthorAdrian Bijelić
MentorMarin Vuković (mentor)
Committee memberMarin Vuković (predsjednik povjerenstva)
Committee memberMiljenko Mikuc (član povjerenstva)
Committee memberDragan Jevtić (član povjerenstva)
GranterUniversity of Zagreb
Faculty of Electrical Engineering and Computing
Zagreb
Defense date and country2020-07-08, Croatia
Scientific / art field,
discipline and subdiscipline		TECHNICAL SCIENCES
Computing
Abstract
OAuth je protokol definiran kao industrijski standard koji služi za autorizaciju. Zamišljen je kao jednostavna apstrakcija koja pruža autorizaciju za mnoge aplikacije. Apstrakcija dopušta različite tipove autorizacije. Postoji tako tip koji se temelji na autorizacijskom kodu, implicitni tip, tip koji se temelji na lozinki, tip koji se temelji na pristupnim podacima, tip koji se temelji na kodu uređaja i tip koji se temelji na osvježavajućem tokenu. Preporučeno je koristiti tip temeljen na autorizacijskom kodu jer je najsigurniji. Kao i svaki drugi protokol, OAuth nije u potpunosti siguran. Ono što ga činim sigurnim jesu sustavi koji ga koriste. Dovoljan je jedan sustav koji je nesiguran kako bi čitav protokol bio nesiguran. Kako bi sigurnost bila bolja, na tržištu su se pojavile implementacije autorizacijskih poslužitelja koji koriste protokol OAuth. Ideja je takvih poslužitelja odvojiti funkcionalnost autorizacije i uz to održavati razinu sigurnosti. Jedan takav autorizacijski poslužitelj je Keycloak. Problem je s klijentima koji i dalje ovise o implementaciji programera. Za napadača je dovoljan propust na klijentu, tako da sigurnost najviše ovisi o implementaciji klijenta, ali i o protokolima koji dohvaćaju kod klijenta na pretraživačima.
Abstract (english)
OAuth is a protocol defined as an industry standard used for authorization. It is designed as an abstraction for many applications that provides authorization. It allows for different types of authorization. There are authorization code, implicit, password, client credential, a device code, and a refresh token. It is recommended to use the type based on the authorization code because it is the most secure. Like any other protocol, OAuth is not secure. Its security depends on the systems that use it. One insecure system is enough to make the whole protocol are insecure. To improve security, implementations of authorization servers using the OAuth protocol have appeared on the market. The idea of ​​such servers is to separate the authorization functionality and at the same time maintain the level of security. One such authorization server is Keycloak. The problem remains with clients who still depend on the implementation of the developer. As other servers can be built using security plug-ins, security is most dependent on a client deployment. In addition to the client, another major threat is insecure protocols that retrieve the client.
Keywords
Keywords (english)
Languagecroatian
URN:NBNurn:nbn:hr:168:503528
Study programmeTitle: Computing
Study programme type: university
Study level: graduate
Academic / professional title: magistar/magistra inženjer/inženjerka računarstva (magistar/magistra inženjer/inženjerka računarstva)
Type of resourceText
File originBorn digital
Access conditionsClosed access
Terms of useLicence In copyright icon
Public note
Created on2023-01-13 09:46:43