
Research on a Security Authorization Model Based on the OAuth2.0 Protocol

Posted on: 2017-12-28
Degree: Master
Type: Thesis
Country: China
Candidate: T T Wang
GTID: 2348330485460025
Subject: Software engineering
Abstract/Summary:
In recent years, as the OAuth2.0 protocol has come into widespread use, its security has drawn increasing attention from researchers. Between 2012 and 2014, Tencent, micro-blog, Sina, Twitter, Facebook, Google and a large number of other well-known websites, domestic and foreign, faced security threats because of their use of OAuth-authorized open platforms, and issued emergency fixes several times. OAuth is currently the most popular authorization protocol for open platforms, and the security of its authorization model has been a concern for enterprise applications; in essence, the aim is to provide security and trust services to the different roles in the interaction process. The OAuth2.0 authorization code model is the authorization mode with the most complete functionality and the strictest process, so it is widely used, yet security vulnerabilities in it are frequently exposed. To enhance the security of the OAuth2.0 protocol, this thesis makes improvements to the OAuth2.0 authorization code model. It uses the HLPSL language to build a formal model of the authorization code model, and analyzes and verifies the formal model with the lazy infinite-state method and the lazy intruder optimization method, finding that the security vulnerability of the authorization code model is that the client certificate can be stolen by an attacker. When the authorization server does not rely on the client certificate alone to verify the client's legitimacy, and client authentication in the authorization code model is improved so that the accessing client is ensured to be legitimate, the security of the OAuth2.0 client role can be strengthened to a certain extent.
The ultimate goal is to establish a secure authorization code model. Its security is verified with formal methods, the most rigorous approach: the model is specified in the HLPSL language, and the AVISPA tool, which supports automatic formal verification of HLPSL, is used with its OFMC back end to analyze whether the model is secure, giving a comprehensive security analysis of the secure authorization code model. The significance and contribution of this thesis are mainly reflected in the following three aspects:
1. Establishing a formal model of the OAuth2.0 protocol authorization code model.
2. A very detailed mathematical analysis and verification of the OAuth2.0 protocol authorization code model.
3. Optimizing the OAuth2.0 authorization code model, establishing a secure authorization code model, and analyzing and verifying its theoretical security vulnerabilities.
Through detailed formal analysis and verification of the OAuth2.0 authorization code model, and optimization of the model against the vulnerabilities found, the resulting secure authorization code model is instructive for open platforms with high security requirements for authorization.
Keywords/Search Tags:formal, Authorization code model, Safety, OAuth2.0