A Two Factor Based Anti-Phishing Method in Open ID

With the exponential growth in web-based applications, a typical user has to create many usernames and passwords in order to use these services. While using these services, the user has to keep track of her credentials, which in turn results in a high probability of identity theft. A secure and reliable identity management system is required in this scenario. OpenID is a good solution for interacting with these services through one identity. However, it is quite vulnerable to different kinds of attacks, including phishing. To tackle such attacks, we propose and evaluate a two-factor-based anti-phishing method using a password and a personal identification number, which is considered very difficult to break. The proposed protocol works by taking two credentials from the user instead of one, i.e. the user's password and her PIN code, for verification at the server side. This two-factor-based protocol is difficult to break even if a phisher succeeds in getting control of the user page. The prototype system was built and tested against phishing attacks and was found to be strong enough for protection against identity theft.
