An Evaluation of Page Token in OpenID Single Sign on (SSO) to Thwart Phishing Attack

Authors

  • Nur Haryani Zakaria School of Computing, College of Arts & Science, Universiti Utara Malaysia, Sintok, Kedah, Malaysia.
  • Mohd Faizal Zainul School of Computing, College of Arts & Science, Universiti Utara Malaysia, Sintok, Kedah, Malaysia.
  • Norliza Katuk School of Computing, College of Arts & Science, Universiti Utara Malaysia, Sintok, Kedah, Malaysia.
  • Hatim Mohammad Tahir School of Computing, College of Arts & Science, Universiti Utara Malaysia, Sintok, Kedah, Malaysia.
  • Mohd Nizam Omar School of Computing, College of Arts & Science, Universiti Utara Malaysia, Sintok, Kedah, Malaysia.

Keywords:

OpenID, Page Token, Phishing Attack, Phishing Tool, SSO,

Abstract

Single Sign-on (SSO) was introduced to overcome the issue of password memorability among users as researches have shown that users struggle to cope with too many sets of password as number of account increases. This is due to SSO relies on the usage of single authentication that allows users to access to multiple websites or services. As much as it has managed to solve the memorability issue to certain extend, users were found to have skeptical in its adoption due to security concerns. Among common issues of SSO is that it is prone to several attacks like spam, link manipulation, session hacking and particularly phishing. Despite of many efforts been placed to overcome phishing attack with regards to SSO, the effectiveness of the proposed solutions are yet to be proven by conducting extensive evaluation. Thus, this study intends to conduct an evaluation on a particular solution of phishing attack call page token. Page token was proposed recently which was claimed to be able to mitigate the issue of phishing attack with regards to SSO application. The evaluation involved a control laboratory experiment with participants being recruited to experience the usage of page token as a protection mechanism against phishing attack. The results showed are promising along with several suggestions given for further enhancement.

Downloads

Published

2018-02-26

How to Cite

Zakaria, N. H., Zainul, M. F., Katuk, N., Tahir, H. M., & Omar, M. N. (2018). An Evaluation of Page Token in OpenID Single Sign on (SSO) to Thwart Phishing Attack. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 10(1-11), 19–23. Retrieved from https://jtec.utem.edu.my/jtec/article/view/3844

Most read articles by the same author(s)