An OAuth2.0-Based Unified Authentication System for Secure Services in the Smart Campus Environment

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10862)

Abstract

Based on the construction of Shandong Normal University’s smart authentication system, this paper studies the key technologies of the Open Authorization (OAuth) protocol, which allows third-party applications accessing online services to obtain secure authorization in a simple and standardized way. Through analysis of the OAuth2.0 standard, the open API details between different applications, and the concrete implementation procedure of the smart campus authentication platform, this paper summarizes the research methods for building a smart campus application system with existing educational resources in a cloud computing environment. Through security experiments and theoretical analysis, the system has been proved to run stably and credibly, to be flexible and easy to integrate with existing smart campus services, and to efficiently improve the security and reliability of campus data acquisition. Our work also provides a universal reference for, and is of significance to, the construction of smart campus authentication systems.

Keywords

OAuth2.0; Authentication and authorization; Open API; Cloud security; Smart campus; Open platform

Notes

Acknowledgment

This research is financially supported by the National Natural Science Foundation of China (90612003, 61602282, No. 61572301), the Natural Science Foundation of Shandong province (No. ZR2013FM008, No. ZR2016FP07), the Open Research Fund from Shandong provincial Key Laboratory of Computer Network, Grant No.: SDKLCN-2016-01, the Postdoctoral Science Foundation of China (2016M602181), and Science and technology development projects of Shandong province (2011GGH20123).


Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Shandong Normal University, Shandong, China
  2. Computer Network Information Center, Chinese Academy of Science, Beijing, China
