Evaluation Of OpenID-Based Double-Factor Authentication For Preventing Session Hijacking In Web Applications

Muhammad Asif, Nitin Tripathi
Published 2012 · Computer Science

Web users often find it difficult to manage their identities (IDs) due to the large number of web applications. An effective and convenient ID management system is needed to handle the problem. OpenID is one of the better solutions for managing this task across heterogeneous web applications due to its lightweight and simple protocol. However, it is quite vulnerable to session hijacking, resulting in identity theft of a particular user. In this paper, we present a modified approach, based on double authentication, that minimizes the risk of session hijacking in an OpenID environment.


