A Page Token Prototype of OpenID Single Sign-On (SSO) to Thwart Phishing Attack

Authors

  • Nur Haryani Zakaria School of Computing, College of Arts & Sciences, Universiti Utara Malaysia.
  • Wan Mohd Yusoff Wan Yaacob School of Computing, College of Arts & Sciences, Universiti Utara Malaysia.
  • Norliza Katuk School of Computing, College of Arts & Sciences, Universiti Utara Malaysia.
  • Hatim Mohamad Tahir School of Computing, College of Arts & Sciences, Universiti Utara Malaysia.
  • Mohd Nizam Omar School of Computing, College of Arts & Sciences, Universiti Utara Malaysia.

Keywords:

OpenID, Page Token, Phishing Attack, Single Sign-On (SSO),

Abstract

Single Sign-on (SSO) authentication was introduced to overcome the problem of password memorability issue by enabling the users to login once using a set of username and password that allows an access into multiple websites. Among several SSO protocol, OpenID is said to offer flexibility and security. Unfortunately, the existing OpenID model is prone to phishing attack due to lack of countermeasures to ensure authenticity of OpenID provider. In view of the proliferation of phishing attack that exposed users to fraud website, information theft and unauthorized disclosure, this study attempts to identify and propose a suitable countermeasure in order to thwart phishing attack in OpenID environment. Therefore, this study intends to develop a prototype that implements Page Token in order to mitigate phishing attack. The findings revealed that the Page Token is possible to minimize the potential risk of phishing attack.

Downloads

Published

2016-12-01

How to Cite

Zakaria, N. H., Wan Yaacob, W. M. Y., Katuk, N., Mohamad Tahir, H., & Omar, M. N. (2016). A Page Token Prototype of OpenID Single Sign-On (SSO) to Thwart Phishing Attack. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 8(10), 59–66. Retrieved from https://jtec.utem.edu.my/jtec/article/view/1372

Issue

Vol. 8 No. 10: Science and Technology for Sustainable Development and Improving Quality of Life II

Section

Articles

License

TRANSFER OF COPYRIGHT AGREEMENT

The manuscript is herewith submitted for publication in the Journal of Telecommunication, Electronic and Computer Engineering (JTEC). It has not been published before, and it is not under consideration for publication in any other journals. It contains no material that is scandalous, obscene, libelous or otherwise contrary to law. When the manuscript is accepted for publication, I, as the author, hereby agree to transfer to JTEC, all rights including those pertaining to electronic forms and transmissions, under existing copyright laws, except for the following, which the author(s) specifically retain(s):

  1. All proprietary right other than copyright, such as patent rights
  2. The right to make further copies of all or part of the published article for my use in classroom teaching
  3. The right to reuse all or part of this manuscript in a compilation of my own works or in a textbook of which I am the author; and
  4. The right to make copies of the published work for internal distribution within the institution that employs me

I agree that copies made under these circumstances will continue to carry the copyright notice that appears in the original published work. I agree to inform my co-authors, if any, of the above terms. I certify that I have obtained written permission for the use of text, tables, and/or illustrations from any copyrighted source(s), and I agree to supply such written permission(s) to JTEC upon request.


Most read articles by the same author(s)