The requirement model for improved openID single Sign-On (SSO) authentication to thwart phishing attack
The problem of password memorability among users has led to the introduction of Single Sign-On (SSO) authentication. It enables users to log in using a set of username and password which then allows access to multiple websites without the hassle of repeating the same usernames and passwords. One...
Format: | Article |
---|---|
Published: | American Scientific Publishers, 2017 |
author | Zakaria, Nur Haryani; Mat Nayan, Nadia Hasidah; Mohamad Tahir, Hatim; Katuk, Norliza; Mohammed, Abubakar |
collection | UUM |
description | The problem of password memorability among users has led to the introduction of Single Sign-On (SSO) authentication. It enables users to log in using a set of username and password which then allows access to multiple websites without the hassle of repeating the same usernames and passwords. One of the most common SSO protocols is OpenID, which is said to offer flexibility and security. Unfortunately, the existing OpenID model is prone to phishing attacks whereby there is a lack of a mechanism to ensure the authenticity of the OpenID provider. This scenario complicates the situation, especially when tools to generate phishing attacks are easily available without requiring much technical expertise. Moreover, users' awareness is claimed to be insufficient to rely on, since statistics of phishing attacks are shown to be increasing. Thus, this research attempts to propose a page token as a mechanism to thwart phishing attacks. This research produced and evaluated an improved requirement model that incorporates the page token as the proposed mechanism. The outcomes show promising results towards the effort of thwarting phishing attacks. |
first_indexed | 2024-07-04T06:30:38Z |
id | uum-25683 |
institution | Universiti Utara Malaysia |
last_indexed | 2024-07-04T06:30:38Z |
spelling | uum-25683 2019-02-28T03:16:47Z https://repo.uum.edu.my/id/eprint/25683/ Article, PeerReviewed. Zakaria, Nur Haryani and Mat Nayan, Nadia Hasidah and Mohamad Tahir, Hatim and Katuk, Norliza and Mohammed, Abubakar (2017) The requirement model for improved openID single Sign-On (SSO) authentication to thwart phishing attack. Advanced Science Letters, 23 (6). pp. 5410-5414. ISSN 1936-6612 http://doi.org/10.1166/asl.2017.7388 doi:10.1166/asl.2017.7388 |
topic | QA75 Electronic computers. Computer science |