
Evaluation Of OpenID-Based Double-Factor Authentication For Preventing Session Hijacking In Web Applications

Muhammad Asif, Nitin Tripathi
Published 2012 · Computer Science

Web users often find it difficult to manage their identities (IDs) due to the large number of web applications. An effective and convenient ID management system is needed to handle the problem. OpenID is one of the better solutions for managing this task across heterogeneous web applications because of its lightweight and simple protocol. However, it is quite vulnerable to session hijacking, resulting in identity theft of a particular user. In this paper, we present a modified approach based on double authentication that minimizes the risk of session hijacking in an OpenID environment.