The Requirement Model for Improved OpenID Single Sign-On (SSO) Authentication to Thwart Phishing Attack

摘要

The problem of password memorability among users has led to the introduction of Single Sign-On (SSO) authentication. It enables users to login using a set of username and password which then allows an access into multiple websites without the hassle of repeating the same usernames andpasswords. One of the most common SSO protocol is OpenID which is said to offer flexibility and security. Unfortunately, the existing OpenID model is prone to phishing attack whereby there is a lack of mechanism to ensure the authenticity of the OpenID provider. This scenario complicates thesituation especially when there exists tools to generate phishing attacks are easily available without requiring much technical expertise. Moreover, users awareness are claimed to be insufficient to rely on since statistics of phishing attacks are shown to be increasing. Thus, this researchattempts to propose page token as a mechanism to thwart phishing attack. This research produced and evaluated an improved requirement model that incorporates the page token as proposed mechanism. The outcomes show promising result towards the effort of thwarting phishing attacks.