A New Anti-phishing Method in OpenID

Lee, Hwanjin; Jeun, Inkyung; Chun, Kilsoo; Song, Jung-Hwan

doi:10.1109/securware.2008.38

Cited by 13 publications

(6 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some works argue that OpenID is vulnerable to phishing attack [], a malicious relying party could redirect the user to a phishing website and obtain the user's password. Many further researches have been conducted to address the phishing problem.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Constructing authentication web in cloud computing

Zhao

Wang

et al. 2015

Security Comm Networks

View full text Add to dashboard Cite

Cloud computing offers a cheap and efficient solution for the deployment of web applications. It results in a big increase of the number of service provider. Users hold multiple identities for using services from different domains. The openness of public clouds requires the authentication system to accept user identities from various domains and to support hybrid authentication protocols. This work proposes a cross‐domain single sign‐on mechanism to address the preceding issues and makes a formal mathematical model to analyze the security issues of the proposed mechanism's authentication architecture; furthermore, an algorithm is proposed to detect the authentication architecture's weak vertex whose failure would lead to a partial failure in the architecture. The proposed mechanism allows service providers to verify user identities in a decentralized way and allows users to unify their identities from various domains in a safe way. The verification process used in this mechanism is able to support hybrid authentication protocols as well as to accelerate the verification of credentials by eliminating single point of failure and single‐point bottleneck. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Many further researches have been conducted to address the phishing problem. Lee et al [] proposed a mechanism to prevent phishing attack by using token and email verification. Urien et al [] also gave a solution to the phishing problem on the basis of secure sockets layer smart cards.…”

Section: Related Workmentioning

confidence: 99%

Constructing authentication web in cloud computing

Zhao

Wang

et al. 2015

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…One of the most recent works related to the OpenID Phishing problem was by Lee et al . , where the authors proposed anti‐phishing methods using token and authentication emails. Feng et al and Huang et al .…”

Section: Related Workmentioning

confidence: 99%

Identifying an OpenID anti‐phishing scheme for cyberspace

Abbas

Mahmoodzadeh

Khan

et al. 2014

Security Comm Networks

View full text Add to dashboard Cite

OpenID is widely being used for user centric identity management in many Web applications. OpenID provides Web users with the ability to manage their identities through third party identity providers while remaining independent of the subject that actually uses the identities to authenticate individuals. Starting from the early stages of its inception, OpenID has received a large amount of acceptance and use in the current Web community because of its flexibility and ease of use. However, in addition to its benefits and flexibilities, OpenID faces its own share of vulnerabilities and threats, which have made its future and large-scale use in cyberspace questionable. OpenID Phishing is one such attack that has received much attention and that requires a comprehensive solution. This paper aims at identifying and discussing a solution to OpenID Phishing by proposing a user authentication scheme that allows OpenID providers to identify a user using publicly known entities. The research will help in next-generation cyber security innovations by reducing the authentication dependency on user credentials, that is, login name/password. The authentication scheme is also validated through detailed descriptions of use cases and prototype implementation.

show abstract

“…This mechanism has several security risks, as it depends on the generally limited human capacity to create and remember secret phrases [4]. On the other hand, the OpenID protocol coupled with the use of password authentication is vulnerable to phishing attacks, in which the user is taken to a malicious SP to enter his password on a fake form that mimics the IdP [11] [12]. To eliminate the vulnerabilities like phishing attacks, the proposed model of identity management (IdM) is heavily dependent on protected hardware.…”

Section: Secfunet Identity Managementmentioning

confidence: 99%

User-centric Identity Management based on secure elements

Böger¹,

Barreto²,

Fraga³

et al. 2014

2014 IEEE Symposium on Computers and Communications (ISCC)

View full text Add to dashboard Cite

The security of large applications and distributed systems is heavily dependent on Identity Management models and infrastructures. In this paper we introduce the Identity Management approach developed in the SecFuNet project, which emphasizes the use of smartcards to user authentication and user-centric attribute delivery policies. In current identity models, user attributes are stored in identity providers and any trust relationship may spread user information across trust networks formed among identity providers. In our approach, the user controls the release of his attributes that are stored in his own smartcard. Also, the approach makes use of secure elements and virtualization for protecting user information. This paper describes aspects of our authentication model and discusses the results obtained with a prototype implementation.

show abstract

A New Anti-phishing Method in OpenID

Cited by 13 publications

References 0 publications

Constructing authentication web in cloud computing

Constructing authentication web in cloud computing

Identifying an OpenID anti‐phishing scheme for cyberspace

User-centric Identity Management based on secure elements

Contact Info

Product

Resources

About