The Requirement Model for Improved OpenID Single Sign-On (SSO) Authentication to Thwart Phishing Attack

Abstract

The problem of password memorability among users has led to the introduction of Single Sign-On (SSO) authentication. It enables users to login using a set of username and password which then allows an access into multiple websites without the hassle of repeating the same usernames and passwords. One of the most common SSO protocol is OpenID which is said to offer flexibility and security. Unfortunately, the existing OpenID model is prone to phishing attack whereby there is a lack of mechanism to ensure the authenticity of the OpenID provider. This scenario complicates the situation especially when there exists tools to generate phishing attacks are easily available without requiring much technical expertise. Moreover, users awareness are claimed to be insufficient to rely on since statistics of phishing attacks are shown to be increasing. Thus, this research attempts to propose page token as a mechanism to thwart phishing attack. This research produced and evaluated an improved requirement model that incorporates the page token as proposed mechanism. The outcomes show promising result towards the effort of thwarting phishing attacks.