{"id":"https://openalex.org/W4290996325","doi":"https://doi.org/10.1109/icc45855.2022.9838581","title":"Unfettered Access Tokens: Discovering Security Flaws of the Access Token in Smart Home Platforms","display_name":"Unfettered Access Tokens: Discovering Security Flaws of the Access Token in Smart Home Platforms","publication_year":2022,"publication_date":"2022-05-16","ids":{"openalex":"https://openalex.org/W4290996325","doi":"https://doi.org/10.1109/icc45855.2022.9838581"},"language":"en","primary_location":{"id":"doi:10.1109/icc45855.2022.9838581","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icc45855.2022.9838581","pdf_url":null,"source":{"id":"https://openalex.org/S4363607711","display_name":"ICC 2022 - IEEE International Conference on Communications","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ICC 2022 - IEEE International Conference on Communications","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100331605","display_name":"Cong Liu","orcid":"https://orcid.org/0000-0002-5999-2126"},"institutions":[{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]},{"id":"https://openalex.org/I4210136859","display_name":"Xi\u2019an University of Posts and Telecommunications","ror":"https://ror.org/04jn0td46","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210136859"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Cong Liu","raw_affiliation_strings":["Xi&#x2018;an University of Posts &amp; Telecommunications,School of Cyberspace Security,Xi&#x2018;an,China","National Computer Network Intrusion Protection, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Xi&#x2018;an University of Posts &amp; Telecommunications,School of Cyberspace Security,Xi&#x2018;an,China","institution_ids":["https://openalex.org/I4210136859"]},{"raw_affiliation_string":"National Computer Network Intrusion Protection, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048531636","display_name":"Yiyu Yang","orcid":"https://orcid.org/0000-0002-7452-3934"},"institutions":[{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yiyu Yang","raw_affiliation_strings":["University of Chinese Academy of Sciences,National Computer Network Intrusion Protection,Beijing,China","National Computer Network Intrusion Protection, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Chinese Academy of Sciences,National Computer Network Intrusion Protection,Beijing,China","institution_ids":["https://openalex.org/I4210108629"]},{"raw_affiliation_string":"National Computer Network Intrusion Protection, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100624916","display_name":"Yuhui Zhang","orcid":"https://orcid.org/0000-0002-5769-3456"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]},{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]},{"id":"https://openalex.org/I4210136859","display_name":"Xi\u2019an University of Posts and Telecommunications","ror":"https://ror.org/04jn0td46","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210136859"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuhui Zhang","raw_affiliation_strings":["University of Chinese Academy of Sciences,National Computer Network Intrusion Protection,Beijing,China","Xi&#x2018;an University of Posts &amp; Telecommunications,School of Cyberspace Security,Xi&#x2018;an,China","National Computer Network Intrusion Protection, University of Chinese Academy of Sciences, Beijing, China","School of Cyber Engineering, Xidian University, Xi'an, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Chinese Academy of Sciences,National Computer Network Intrusion Protection,Beijing,China","institution_ids":["https://openalex.org/I4210108629"]},{"raw_affiliation_string":"Xi&#x2018;an University of Posts &amp; Telecommunications,School of Cyberspace Security,Xi&#x2018;an,China","institution_ids":["https://openalex.org/I4210136859"]},{"raw_affiliation_string":"National Computer Network Intrusion Protection, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629","https://openalex.org/I4210165038"]},{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100401884","display_name":"Yuqing Zhang","orcid":"https://orcid.org/0000-0001-8306-7195"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]},{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]},{"id":"https://openalex.org/I4210136859","display_name":"Xi\u2019an University of Posts and Telecommunications","ror":"https://ror.org/04jn0td46","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210136859"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuqing Zhang","raw_affiliation_strings":["University of Chinese Academy of Sciences,National Computer Network Intrusion Protection,Beijing,China","Xi&#x2018;an University of Posts &amp; Telecommunications,School of Cyberspace Security,Xi&#x2018;an,China","National Computer Network Intrusion Protection, University of Chinese Academy of Sciences, Beijing, China","School of Cyber Engineering, Xidian University, Xi'an, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Chinese Academy of Sciences,National Computer Network Intrusion Protection,Beijing,China","institution_ids":["https://openalex.org/I4210108629"]},{"raw_affiliation_string":"Xi&#x2018;an University of Posts &amp; Telecommunications,School of Cyberspace Security,Xi&#x2018;an,China","institution_ids":["https://openalex.org/I4210136859"]},{"raw_affiliation_string":"National Computer Network Intrusion Protection, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629","https://openalex.org/I4210165038"]},{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.3631,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.49512118,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.8354284763336182},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.737217128276825},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.732896625995636},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.6228711605072021},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.5883642435073853},{"id":"https://openalex.org/keywords/home-automation","display_name":"Home automation","score":0.5541512370109558},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5245961546897888},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.41729050874710083},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.1610139012336731},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.09703299403190613}],"concepts":[{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.8354284763336182},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.737217128276825},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.732896625995636},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.6228711605072021},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.5883642435073853},{"id":"https://openalex.org/C507571656","wikidata":"https://www.wikidata.org/wiki/Q848436","display_name":"Home automation","level":2,"score":0.5541512370109558},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5245961546897888},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.41729050874710083},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.1610139012336731},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.09703299403190613}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icc45855.2022.9838581","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icc45855.2022.9838581","pdf_url":null,"source":{"id":"https://openalex.org/S4363607711","display_name":"ICC 2022 - IEEE International Conference on Communications","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ICC 2022 - IEEE International Conference on Communications","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.44999998807907104,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W2012921353","https://openalex.org/W2119249378","https://openalex.org/W2126123233","https://openalex.org/W2218971720","https://openalex.org/W2508433864","https://openalex.org/W2791710451","https://openalex.org/W3015797940","https://openalex.org/W3081154221","https://openalex.org/W4300788801","https://openalex.org/W6678677658","https://openalex.org/W6748246993","https://openalex.org/W6782007757"],"related_works":["https://openalex.org/W2440256617","https://openalex.org/W2805919076","https://openalex.org/W2055861164","https://openalex.org/W2800638116","https://openalex.org/W2507264430","https://openalex.org/W2522430697","https://openalex.org/W4229377121","https://openalex.org/W1537284897","https://openalex.org/W3210166343","https://openalex.org/W141984337"],"abstract_inverted_index":{"In":[0],"the":[1,6,12,32,74,77,107,125,141,169,185,213,223],"smart":[2,24,57,84,130,149,195],"home":[3,25,58,85,131,150,196],"platform":[4,151],"communication,":[5],"access":[7,16,19,26,52,78,110,152,188],"token":[8,20,79,153],"might":[9],"properly":[10],"represent":[11],"user\u2019s":[13],"identity":[14],"and":[15],"permissions.":[17],"Any":[18],"used":[21,180],"in":[22,42,54,93,155,190,206],"multi-user":[23],"should":[27],"be":[28],"rigorously":[29],"regulated":[30],"by":[31,114],"cloud":[33,242],"to":[34,49,64,73,167,183,236,249],"guarantee":[35],"that":[36,51,99,105,164,229],"users":[37],"only":[38,133],"use":[39,232],"their":[40],"devices":[41,71],"permitted":[43],"ways.":[44],"However,":[45],"we":[46,159,199,220],"were":[47],"astonished":[48],"discover":[50],"tokens":[53,111,189],"certain":[55],"popular":[56],"platforms":[59],"are":[60,88,112],"unfettered,":[61],"allowing":[62],"attackers":[63,230],"illegally":[65],"eavesdrop":[66],"on":[67,124,148],"or":[68,129],"control":[69],"IoT":[70],"connected":[72],"cloud.":[75],"While":[76],"is":[80,98,212],"essential":[81],"for":[82,222],"managing":[83],"permissions,":[86],"there":[87],"currently":[89],"no":[90],"security":[91,108,126,154,186,204,234,247],"checks":[92],"place.":[94],"The":[95],"fundamental":[96],"reason":[97],"many":[100,119],"standard":[101],"Web":[102],"testing":[103,162],"tools":[104],"check":[106],"of":[109,127,137,187,193,203,210,216,240],"disabled":[113],"SSL/TLS":[115,176],"encryption.":[116],"Furthermore,":[117,158],"whereas":[118],"previous":[120],"studies":[121],"have":[122],"focused":[123],"OAuth2.0":[128],"apps,":[132],"a":[134,145,161,191,238,245],"small":[135],"amount":[136],"research":[138],"has":[139],"combined":[140],"two.":[142],"We":[143,179],"presented":[144],"systematic":[146],"analysis":[147],"this":[156,181],"paper.":[157],"created":[160],"tool":[163,182],"allowed":[165],"us":[166],"reuse":[168],"app\u2019s":[170],"underlying":[171],"logic":[172],"while":[173],"also":[174],"overcoming":[175],"encryption":[177],"issues.":[178],"examine":[184],"number":[192],"major":[194],"platforms.":[197],"Finally,":[198],"discovered":[200,221],"three":[201],"types":[202],"issues":[205,235],"seven":[207],"platforms,":[208],"one":[209],"which":[211,219],"DoR":[214],"(Denial":[215],"Refresh)":[217],"flaw,":[218],"first":[224],"time.":[225],"Our":[226],"tests":[227],"revealed":[228],"may":[231],"these":[233],"exploit":[237],"total":[239],"106":[241],"APIs,":[243],"posing":[244],"serious":[246],"risk":[248],"device":[250],"owners.":[251]},"counts_by_year":[{"year":2024,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
