Abstract

It is increasingly difficult to manage user identities (IDs) across the numerous and rapidly developing types of online web-based applications of the present era. An innovative ID management system is required for managing these user IDs. The lightweight OpenID protocol is a better solution for managing user IDs. In an OpenID communication environment, the OpenID URL is not secure in a session hijacking situation, because existing OpenID communication methods, such as double-factor authentication, leave a greater chance of a valid user's session being hijacked. The proposed communication protocol secures the OpenID URL with the help of additional innovative parameters: a Special Alphanumeric String (SAS) and a Special Security PIN (SSP). The anticipated triple authentication protocol authenticates the client's unique OpenID URL once at the OpenID Provider (OP) side, and the SAS and SSP fields at the Relying Party (RP) side. The anticipated protocol provides unique Single-Sign-On (SSO) services to OpenID users. The experimental website was tested by expert web developers for avoiding session hijacking in the presence of hackers. The findings demonstrated that the Dense Authentication Authorization and Accounting (DAAA) protocol minimizes the risk of session hijacking in an OpenID communication environment.

Highlights

  • Identity Management is a vital administrative area in the major field of Information Technology (IT) and security

  • How can secure and reliable user authentication in an OpenID communication environment be ensured for online web applications in a session hijack situation?

  • The anticipated model is designed with the help of OpenID communication-based components: OpenID Provider (OP), Relying Party (RP), and client agents for securing the OpenID URL identity


Summary

Introduction

Identity Management is a vital administrative area in the major field of Information Technology (IT) and security. An OpenID communication-based environment provides multiple benefits, such as strong authentication that gives valid and authentic users access to OpenID-related websites and facilitates OpenID-enabled users [36]. Authentication of users via the OpenID URL in OpenID communication-based web applications is still a major issue today, because the risk of session hijacking makes it insecure and unreliable. How can secure and reliable user authentication in an OpenID communication environment be ensured for online web applications in a session hijack situation? A secure OpenID protocol is designed and implemented in an experimental website to demonstrate protection against session hijacking. In this innovative protocol, the OpenID URL is secured by using two parameters, SAS and SSP, at the client / RP side.
