This book focuses on various authorization and access control techniques, threats and attack modeling, including an overview of the Open Authorization 2.0 (OAuth 2.0) framework along with user-managed access (UMA) and security analysis. Important key concepts are discussed regarding login credentials with restricted access to third parties with a primary account as a resource server. A detailed protocol overview and authorization process, along with security analysis of OAuth 2.0, are also discussed in the book. Case studies of websites with vulnerability issues are included.
FEATURES
Provides an overview of the security challenges of IoT and mitigation techniques with a focus on authorization and access control mechanisms
Discusses a behavioral analysis of threats and attacks using UML base modeling
Covers the use of the OAuth 2.0 Protocol and UMA for connecting web applications
Includes role-based access control (RBAC), discretionary access control (DAC), mandatory access control (MAC) and permission-based access control (PBAC)
Explores how to provide access to third-party web applications through a resource server by use of a secured and reliable OAuth 2.0 framework
This book is for researchers and professionals who are engaged in IT security, auditing and computer engineering.
| Preface |
|
vii | |
| Authors |
|
xi | |
|
|
|
1 | (18) |
|
1.1 Internet to Internet of Things |
|
|
1 | (2) |
|
|
|
3 | (2) |
|
|
|
5 | (4) |
|
1.4 Industry 4.0 Standards |
|
|
9 | (4) |
|
1.5 Security Issues and Challenges |
|
|
13 | (3) |
|
|
|
16 | (3) |
|
|
|
17 | (2) |
|
2 Authorization and Access Control |
|
|
19 | (14) |
|
|
|
19 | (1) |
|
2.2 Threats and Attacks Modeling |
|
|
20 | (4) |
|
2.3 Overview of Authentication and Authorization |
|
|
24 | (1) |
|
2.4 Access Control Paradigms |
|
|
25 | (4) |
|
2.5 Implementation Perspective |
|
|
29 | (1) |
|
|
|
29 | (4) |
|
|
|
30 | (3) |
|
|
|
33 | (20) |
|
|
|
33 | (3) |
|
3.1.1 OAuth Roles/Main Actors of OAuth2.0 |
|
|
35 | (1) |
|
|
|
36 | (1) |
|
|
|
37 | (2) |
|
|
|
39 | (2) |
|
3.4.1 User Agent as Use Case |
|
|
39 | (1) |
|
3.4.1.1 Educational Application |
|
|
39 | (1) |
|
3.4.2 Web Server in Web Application |
|
|
40 | (1) |
|
3.5 Authorization Process |
|
|
41 | (7) |
|
3.5.1 Authorization Code Grant |
|
|
42 | (1) |
|
3.5.1.1 Authorization Code |
|
|
42 | (2) |
|
|
|
44 | (2) |
|
3.5.3 Resource Owner Password Credential Grant |
|
|
46 | (1) |
|
3.5.4 Client Credentials Grant |
|
|
47 | (1) |
|
|
|
48 | (1) |
|
|
|
48 | (3) |
|
|
|
49 | (1) |
|
|
|
50 | (1) |
|
|
|
50 | (1) |
|
|
|
51 | (2) |
|
|
|
51 | (2) |
|
|
|
53 | (18) |
|
|
|
53 | (3) |
|
4.1.1 Roles of UMA Protocol |
|
|
55 | (1) |
|
|
|
55 | (1) |
|
4.1.1.2 Client Application |
|
|
55 | (1) |
|
4.1.1.3 Authorization Server |
|
|
55 | (1) |
|
|
|
55 | (1) |
|
|
|
55 | (1) |
|
|
|
56 | (1) |
|
|
|
56 | (4) |
|
|
|
60 | (2) |
|
4.4.1 Healthcare Application |
|
|
60 | (2) |
|
4.4.2 Personal Loan Approval Scenario |
|
|
62 | (1) |
|
4.5 Authorization Process |
|
|
62 | (3) |
|
|
|
63 | (2) |
|
4.5.2 Authorization Result Determination |
|
|
65 | (1) |
|
|
|
65 | (3) |
|
4.6.1 PCT and RPT Vulnerability |
|
|
66 | (1) |
|
4.6.2 Cross-Site Request Forgery Attack (CSRF) |
|
|
67 | (1) |
|
|
|
68 | (3) |
|
|
|
69 | (2) |
|
|
|
71 | (2) |
| Index |
|
73 | |
Dr. Parikshit N. Mahalle obtained his B.E degree in Computer Science and Engineering from Sant Gadge Baba Amravati University, Amravati, India and M.E. degree in Computer Engineering from Savitribai Phule Pune University, Pune, India. He completed his Ph.D in Computer Science and Engineering specialization in Wireless Communication from Aalborg University, Aalborg, Denmark. He was Post Doc Researcher at CMI, Aalborg University, Copenhagen, Denmark. He worked as Professor and Head in the Department of Computer Engineering at STESs Smt. Kashibai Navale College of Engineering, Pune, India. Currently He is working as professor and head in Department of Artificial intelligence and Data Science, Vishwakarma Institute of Information Technology, Pune India. He has more than 20 years of teaching and research experience. He is a senior member IEEE, ACM member, Life member CSI and Life member ISTE. Also, he is a member of IEEE transaction on Information Forensics and Security, IEEE Internet of Things Journal. He is a reviewer for IGI Global International Journal of Rough Sets and Data Analysis (IJRSDA), Associate Editor for IGI Global - International Journal of Synthetic Emotions (IJSE), Interscience International Journal of Grid and Utility Computing (IJGUC). He is a Member-Editorial Review Board for IGI Global International Journal of Ambient Computing and Intelligence (IJACI). He is also working as an Associate Editor for IGI Global - International Journal of Synthetic Emotions (IJSE). He has published more than 150 research publications having 1711 citations and H index 18. He has 5 edited books to his credit by Springer and CRC Press. He has 7 patents to his credit. He has worked as Chairman of various Board of Studies.
Mr. Shashikant S. Bhong has 7+ years of experience, presently working as SPPU approved Assistant Professor in Department of computer Engineering, Smt. Kashibai Navale College of Engineering, Pune 41 till date. he obtained M.E. (Computer Engineering) degree from Savitribai Phule Pune University, Pune and B.E. (Computer Engineering) degree from Savitribai Phule Pune University, Pune. he has published 4+ papers in National, International conferences and journals. He has worked as an assistant professor in STES, Rwanda Kigali, Rwanda (East Africa) in 2016, also he has worked as instructor/Trainer in Combat Training Centre(CTC) Gabiro, For Rwandan Army in Rwanda.
Dr. Gitanjali R. Shinde has overall 13 years of experience, presently working as Assistant Professor in Department of Computer Engineering, Vishwakarma Institute of Information Technology, Pune, India. She has done Ph.D in Wireless Communication from CMI, Aalborg University, Copenhagen, Denmark on Research Problem Statement "Cluster Framework for Internet of People, Things and Services". She obtained M.E. (Computer Engineering) degree from the University of Pune, Pune in 2012 and a B.E. (Computer Engineering) degree from the University of Pune, Pune in 2006. She has received research funding for the project "Lightweight Group Authentication for IoT" by SPPU, Pune. She has presented a research article at World Wireless Research Forum (WWRF) meeting, Beijing China. She has published 50+ papers in National, International conferences and journals. She is the author of 5+ books with a publisher like Springer and CRC Taylor & Francis Group. She is also editor of books with De Gruyter and Springer. She is a reviewer of prominent journal IGI publications and IEEE Transactions.
Lisainfo e-raamatute kohta