OpenID is widely being used for user centric identity management in many Web applications. OpenID provides Web users with the ability to manage their identities through third party identity providers while remaining independent of the subject that actually uses the identities to authenticate individuals. Starting from the early stages of its inception, OpenID has received a large amount of acceptance and use in the current Web community because of its flexibility and ease of use. However, in addition to its benefits and flexibilities, OpenID faces its own share of vulnerabilities and threats, which have made its future and large-scale use in cyberspace questionable. OpenID Phishing is one such attack that has received much attention and that requires a comprehensive solution. This paper aims at identifying and discussing a solution to OpenID Phishing by proposing a user authentication scheme that allows OpenID providers to identify a user using publicly known entities. The research will help in next-generation cyber security innovations by reducing the authentication dependency on user credentials, that is, login name/password. The authentication scheme is also validated through detailed descriptions of use cases and prototype implementation.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.