Evaluation of Secure OpenID-Based RAAA User Authentication Protocol for Preventing Specific Web Attacks in Web Apps

Bilal, Muhammad; Wang, Can; Yu, Zhi; Bashir, Abid

doi:10.1109/icsess49938.2020.9237635

Cited by 5 publications

(3 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Phishing attacks are also possible when a site that supports OpenID authorization is forged in order to obtain information about the user from the provider. Using the “hidden redirect” vulnerability, attackers can create the illusion for the user that the information is being requested by this site [ 38 ]. One-Time Password (OTP) is a one-time password method valid for only one authentication session.…”

Section: General Concept Of Information Protection Using Electronic K...mentioning

confidence: 99%

Electronic User Authentication Key for Access to HMI/SCADA via Unsecured Internet Networks

Abu-Jassar

Attar

Yevsieiev

et al. 2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

This paper discusses the development of new hardware and software for protecting access to HMI/SCADA systems via Unprotected Internet Networks (UPN), mainly when working remotely with confidential information. Based on the analysis carried out, it is shown that the existing vulnerabilities can be exploited by cybercriminals to steal passwords and user authentication logins. Modern protection technologies based on the OTP method have been investigated. Moreover, a new concept of information security for user authentication in UPNs when working with information remotely is proposed. The structure of the electronic key and the connection diagram based on the selected hardware modules have been developed. In addition, the two-level user identification algorithms and the firmware program code for the ATmega32U4 microcontroller are considered. Finally, to show the reliability and stability of the of the developed electronic user authentication key against any unexpected software hacking, a number of experiments have been performed.

show abstract

Section: General Concept Of Information Protection Using Electronic K...mentioning

confidence: 99%

Electronic User Authentication Key for Access to HMI/SCADA via Unsecured Internet Networks

Abu-Jassar

Attar

Yevsieiev

et al. 2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

show abstract

“…However, this method is usually based on a weighted score function. Bilal et al [36] evaluated the performance of their security technique, namely Reverse Authentication Authorizing and Accounting, with the existing Single Sign-On (SSO) mechanism. The outcome and performance analysis suggested that the presented work is always better towards facilitating efficient authentication and robustness to prevent web attacks.…”

Section: ) Risk-based Access Control and Authenticationsmentioning

confidence: 99%

“…Most of the existing solutions are not focused on determining that most wearable devices do not provide a suitable interface for password-based authentication [23]- [26]. • Most studies have not focused on the practical implementation of frictionless authentication techniques in web-based applications [36]- [39].…”

Section: Problem Descriptionmentioning

confidence: 99%

A Frictionless and Secure User Authentication in Web-Based Premium Applications

Olanrewaju

Khan²,

Morshidi

et al. 2021

IEEE Access

View full text Add to dashboard Cite

By and large authentication systems employed for web-based applications primarily utilize a conventional username and password-based schemes, which can be compromised easily. Currently, there is an evolution of various complex user authentication schemes based on the sophisticated methodology of encryption. However, many of these schemes suffer from either low impact full consequences or offer security at higher resource dependence. Furthermore, the majority of these schemes don't consider dynamic threat and attack strategies when the clients are exposed to unidentified attack environments. Hence, this paper proposes a secure user authentication mechanism for web applications with a frictionless experience. An automated authentication scheme is designed based on user behaviour login events. The uniqueness of user identity is validated in the proposed system at the login interface, followed by implying an appropriate user authentication process. The authentication process is executed under four different login mechanisms, which depend on the profiler and the authenticator function. The profiler uses user behavioural data, including login session time, device location, browser, and details of accessed web services. The system processes these data and generates a user profile via a profiler using the authenticator function. The authenticator provides a login mechanism to the user to perform the authentication process. After successful login attempts, the proposed system updates database for future evaluation in the authentication process. The study outcome shows that the proposed system excels to other authentication schemes for an existing web-based application. The proposed method, when comparatively examined, is found to offer approximately a 10% reduction in delay, 7% faster response time, and 11% minimized memory usage compared with existing authentication schemes for premium web-based applications.

show abstract

EAP Based Certificateless Authentication Technique to Access Cloud Services in Openstack

Raghavendra¹,

Ramesh²,

Chandrika³

2022

Communications in Computer and Information Science

View full text Add to dashboard Cite

Evaluation of Secure OpenID-Based RAAA User Authentication Protocol for Preventing Specific Web Attacks in Web Apps

Cited by 5 publications

References 13 publications

Electronic User Authentication Key for Access to HMI/SCADA via Unsecured Internet Networks

Electronic User Authentication Key for Access to HMI/SCADA via Unsecured Internet Networks

A Frictionless and Secure User Authentication in Web-Based Premium Applications

EAP Based Certificateless Authentication Technique to Access Cloud Services in Openstack

Contact Info

Product

Resources

About