Assessing Secure OpenID-Based EAAA Protocol to Prevent MITM and Phishing Attacks in Web Apps  

作　　者：Muhammad Bilal Sandile C.Showngwe Abid Bashir Yazeed Y.Ghadi 

机构地区：[1]College of Computer Science and Technology,Zhejiang University,Hangzhou,310027,China [2]Department of Mathematical Statistics and Actuarial Science,Faculty of Natural and Agricultural Sciences,University of the Free State,Bloemfontein,9301,South Africa [3]Department of Computer Science,National Textile University,Faisalabad,38000,Pakistan [4]Department of Computer Science/Software Engineering,Al Ain University,Abu Dhabi,UAE

出　　处：《Computers, Materials & Continua》2023年第6期4713-4733,共21页计算机、材料和连续体（英文）

摘　　要：To secure web applications from Man-In-The-Middle(MITM)and phishing attacks is a challenging task nowadays.For this purpose,authen-tication protocol plays a vital role in web communication which securely transfers data from one party to another.This authentication works via OpenID,Kerberos,password authentication protocols,etc.However,there are still some limitations present in the reported security protocols.In this paper,the presented anticipated strategy secures both Web-based attacks by leveraging encoded emails and a novel password form pattern method.The proposed OpenID-based encrypted Email’s Authentication,Authorization,and Accounting(EAAA)protocol ensure security by relying on the email authenticity and a Special Secret Encrypted Alphanumeric String(SSEAS).This string is deployed on both the relying party and the email server,which is unique and trustworthy.The first authentication,OpenID Uniform Resource Locator(URL)identity,is performed on the identity provider side.A second authentication is carried out by the hidden Email’s server side and receives a third authentication link.This Email’s third SSEAS authentication link manages on the relying party(RP).Compared to existing cryptographic single sign-on protocols,the EAAA protocol ensures that an OpenID URL’s identity is secured from MITM and phishing attacks.This study manages two attacks such as MITM and phishing attacks and gives 339 ms response time which is higher than the already reported methods,such as Single Sign-On(SSO)and OpenID.The experimental sites were examined by 72 information technology(IT)specialists,who found that 88.89%of respondents successfully validated the user authorization provided to them via Email.The proposed EAAA protocol minimizes the higher-level risk of MITM and phishing attacks in an OpenID-based atmosphere.

关 键 词：SECURE user authentication SSO OPENID phishing attack MITM attack 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]