Special Issue Paper
Identifying an OpenID anti-phishing scheme for cyberspace
Article first published online: 7 MAY 2014
Copyright © 2014 John Wiley & Sons, Ltd.
Security and Communication Networks
How to Cite
Abbas, H., Qaemi Mahmoodzadeh, M., Aslam Khan, F. and Pasha, M. (2014), Identifying an OpenID anti-phishing scheme for cyberspace. Security Comm. Networks. doi: 10.1002/sec.1027
- Manuscript Accepted: 23 MAR 2014
- Manuscript Revised: 17 FEB 2014
- Manuscript Received: 30 APR 2013
- password-less authentication;
- secure OpenID provider;
- cyber security innovations
OpenID is widely used for user-centric identity management in many Web applications. OpenID provides Web users with the ability to manage their identities through third-party identity providers while remaining independent of the subject that actually uses the identities to authenticate individuals. From its early stages, OpenID has gained wide acceptance and use in the current Web community because of its flexibility and ease of use. However, alongside its benefits and flexibility, OpenID faces its own share of vulnerabilities and threats, which have made its future and large-scale use in cyberspace questionable. OpenID Phishing is one such attack that has received much attention and that requires a comprehensive solution. This paper aims at identifying and discussing a solution to OpenID Phishing by proposing a user authentication scheme that allows OpenID providers to identify a user using publicly known entities. The research will help in next-generation cyber security innovations by reducing the authentication dependency on user credentials, that is, login name/password. The authentication scheme is also validated through detailed descriptions of use cases and a prototype implementation.