JCP 2012 Vol.7(11): 2623-2628 ISSN: 1796-203X
doi: 10.4304/jcp.7.11.2623-2628
doi: 10.4304/jcp.7.11.2623-2628
Evaluation of OpenID-Based Double-Factor Authentication for Preventing Session Hijacking in Web Applications
Asif Muhammad, Nitin Tripathi
School of Engineering and Technology, Asian Institute of Technology Bangkok, Thailand
Abstract—Web users often find it difficult to manage their identities (IDs) due to large number of web applications. An effective and convenient ID management system is needed to handle the problem. OpenID is one of the better solutions to manage this task on heterogeneous web applications due to its lightweight and simple protocol. However, it is quite vulnerable to session hijacking, resulting in identity theft of a particular user. In this paper, we present a modified approach, based on double authentication that minimizes the risk of session hijacking in an OpenID environment.
Index Terms—OpenID, PIN, Session Hijacking, Internet security.
Abstract—Web users often find it difficult to manage their identities (IDs) due to large number of web applications. An effective and convenient ID management system is needed to handle the problem. OpenID is one of the better solutions to manage this task on heterogeneous web applications due to its lightweight and simple protocol. However, it is quite vulnerable to session hijacking, resulting in identity theft of a particular user. In this paper, we present a modified approach, based on double authentication that minimizes the risk of session hijacking in an OpenID environment.
Index Terms—OpenID, PIN, Session Hijacking, Internet security.
Cite: Asif Muhammad, Nitin Tripathi, "Evaluation of OpenID-Based Double-Factor Authentication for Preventing Session Hijacking in Web Applications," Journal of Computers vol. 7, no. 11, pp. 2623-2628, 2012.
General Information
ISSN: 1796-203X
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Editor-in-Chief: Prof. Liansheng Tan
Executive Editor: Ms. Nina Lee
Abstracting/ Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat,etc
E-mail: jcp@iap.org
-
Nov 14, 2019 News!
Vol 14, No 11 has been published with online version [Click]
-
Mar 20, 2020 News!
Vol 15, No 2 has been published with online version [Click]
-
Dec 16, 2019 News!
Vol 14, No 12 has been published with online version [Click]
-
Sep 16, 2019 News!
Vol 14, No 9 has been published with online version [Click]
-
Aug 16, 2019 News!
Vol 14, No 8 has been published with online version [Click]
- Read more>>