Work place: IPT, USP, SENAC, UNIP, SP, Brazil
E-mail: anderson@uol.com.br
Research Interests: Information Security
Biography
Anderson Aparecido Alves da Silva holds a PhD in Computer Engineering (USP 2016) and has completed 2 post-docs in engineering. He worked for 23 years in the private sector and is currently a researcher at IPT and a university professor. His research focuses on information security.
By Gilson da Silva Francisco, Anderson Aparecido Alves da Silva, Marcelo Teixeira de Azevedo, Eduardo Takeo Ueda, Adilson Eduardo Guelfi, Jose Jesus Perez Alcazar
DOI: https://doi.org/10.5815/ijcnis.2024.02.01, Pub. Date: 8 Apr. 2024
OAuth 2.0 provides an open, secure protocol for authorizing users across the web. However, many modalities of this standard allow its protections to be implemented optionally. Thus, using it does not guarantee security by itself, and some of the deployment options in the OAuth 2.0 specification can lead to incorrect settings. FIWARE is an open platform for developing Internet applications of the future. It is the result of the international entity Future Internet Public-Private Partnership [1,2]. FIWARE was designed to provide a broad set of APIs to stimulate the development of new businesses in the context of the European Union. This platform can be understood as a modular structure that reaches a broad spectrum of applications such as IoT, big data, smart device management, security, open data, and virtualization, among others. Regarding security, the exchange of messages between its components is done through the OAuth 2.0 protocol. The objective of the present work is to create a system that allows the detection and analysis of OAuth 2.0 vulnerabilities, executed over HTTP/HTTPS in an on-premise development environment focused on the management of IoT devices, and to help developers implement OAuth 2.0 securely in these environments. Through the system proposed by this paper, it was possible to find vulnerabilities in FIWARE components in HTTP/HTTPS environments. With this evidence, mitigations were proposed based on the mandatory recommendations by the IETF.