Secure OpenID Authentication Model by Using Trusted Computing

Ghazizadeh, Eghbal; Dolatabadi, Z. S. Shams; Khaleghparast, Reza; Zamani, Mazdak; Manaf, Azizah Abdul; Abdullah, Mohd Shahidan

doi:10.1155/2014/561487

Cited by 6 publications

(4 citation statements)

References 50 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This paper basically analyzed existing cloud computing techniques strengths and weakness. In this paper, an anticipated model is the one in which One Time Password (OTP), Trusted Platform Module (TPM), and OpenID are used for avoiding phishing attacks in the cloud-based environment [35].…”

Section: Related Workmentioning

confidence: 99%

Assessment of Secure OpenID-Based DAAA Protocol for Avoiding Session Hijacking in Web Applications

Bilal

Asif

Bashir

2018

Security and Communication Networks

View full text Add to dashboard Cite

It is increasingly difficult to manage the user identities (IDs) of rapidly developing and numerous types of online web-based applications in the present era. An innovative ID management system is required for managing the user IDs. The OpenID lightweight protocol is a better solution to manage the user IDs. In an OpenID communication environment, OpenID URL is not secured in a session hijacking situation because in other existing OpenID communication methods such double factor authentication has more chances of valid user session hijacked. The proposed communication protocol secures the OpenID URL with the help of additional innovative parameters such as Special Alphanumeric String (SAS) and Special Security PIN (SSP). The anticipated triple authentication protocol authenticated client unique OpenID URL at OpenID Provider (OP) side once and SAS and SSP field at Relying Party (RP) side. The anticipated protocol provides unique Single-Sign-On (SSO) services to OpenID users. The experimental website is tested by experts of web developers for avoiding session hijacking situation in the presence of hackers. The findings demonstrated that Dense Authentication Authorization and Accounting (DAAA) protocol minimizes the risk of a session hijacking in OpenID communication environment.

show abstract

Section: Related Workmentioning

confidence: 99%

Assessment of Secure OpenID-Based DAAA Protocol for Avoiding Session Hijacking in Web Applications

Bilal

Asif

Bashir

2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Similarly Trusted Platform Module (TPM), One Time Password (OTP) and Trust Multitenancy were applied along with OpenId [7] to stop phishing and identity theft. Thus using hardware-based activation and all of the above, a robust authentication module for cloud applications were created successfully.…”

Section: Literature Reviewmentioning

confidence: 99%

Implementation of OpenIdconnect and OAuth 2.0 to create SSO for educational institutes

Sujanani¹,

Vinod²

2018

IJET

View full text Add to dashboard Cite

Increase in the number of users is directly proportional to the need of verifying them. This means that any user using any website or application has to be authenticated first; this leads to the creation of multiple credentials of one user. Now if these different websites or applications are connected or belong to one single organization like a college or school, a lot of redundancy of data is there. Along with this, each user has to remember a wide range of credentials for different applications/websites. So in this paper, we address the issue of redundancy and user related problems by introducing SSO using OpenId Connect in educational institutes. We aim to mark the difference between the traditional system and proposed login by testing it on a group of users.

show abstract

“…With the prevalence of growing security breaches, workable solutions -such as OpenID digital signatures with user names and passwords, digital signatures including encryption techniques and certain authentication services were introduced [20]. But not all of these served well in every environment.…”

Section: Trusted Mobile Cloud Environmentmentioning

confidence: 99%

A Secure Client Aware Certification for Mobile Cloud Offloading Decision

Uma¹,

Tamilselvan²,

Silviya³

et al. 2017

IJIES

View full text Add to dashboard Cite

Abstract:The advancements in smartphones with excellent feasibility and networking capabilities paved the way for rising leap in mobile communication, but their limitations incline users to next level paradigm called Mobile Cloud Computing. Despite the cloud services reaching far greater heights, the issues of to security and privacy needs to be addressed. Therefore, our proposed Client Aware Certification (CAC) model ensures to identify the authenticity of client devices connected to the cloud based on the behaviour predictability and security checks. A resource broker identifies the trustworthiness of the client devices before offloading any task. Integrity check, privacy protection, and access patterns are some of the attributes considered for offloading decision. The model achieves better security, privacy, and performance for resource migration. Identity management and certification feature ensure a better predictability with secure virtual communication. The model is experimented with AWS cloud platform and tested for a video conversion application.

show abstract

Secure OpenID Authentication Model by Using Trusted Computing

Cited by 6 publications

References 50 publications

Assessment of Secure OpenID-Based DAAA Protocol for Avoiding Session Hijacking in Web Applications

Assessment of Secure OpenID-Based DAAA Protocol for Avoiding Session Hijacking in Web Applications

Implementation of OpenIdconnect and OAuth 2.0 to create SSO for educational institutes

A Secure Client Aware Certification for Mobile Cloud Offloading Decision

Contact Info

Product

Resources

About