Andreas Leicher, Andreas Schmidt, Yogendra Shah,
OpenID is a lightweight, easy to implement and deploy approach to Single Sign-On (SSO) and Identity ... this paper, we present the concept of Smart OpenID, an enhancement to OpenID which moves part of the OpenID authentication server functionality to the smart card of the user’s device. This seamless, OpenID-conformant protocol allows for scaling security properties, and generally improves the security of OpenID by avoiding the need to send user credentials ... We also describe our implementation of the Smart OpenID protocol based on an Android phone, which interacts ...
Tópico(s): IPv6, Mobility, Handover, Networks, Security
2012 - Springer Science+Business Media | IFIP advances in information and communication technology
Muhammad Bilal, Muhammad Asif, Abid Bashir,
... is required for managing the user IDs. The OpenID lightweight protocol is a better solution to manage the user IDs. In an OpenID communication environment, OpenID URL is not secured in a session hijacking situation because in other existing OpenID communication methods such double factor authentication has more ... session hijacked. The proposed communication protocol secures the OpenID URL with the help of additional innovative parameters ... The anticipated triple authentication protocol authenticated client unique OpenID URL at OpenID Provider (OP) side once and ...
Tópico(s): Security and Verification in Computing
2018 - Hindawi Publishing Corporation | Security and Communication Networks
San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov,
OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of ... empirical evaluation of 132 popular websites that support OpenID. Our formal analysis reveals that the protocol does ... results of our empirical evaluation suggest that many OpenID-enabled websites are vulnerable to a series of ... force a victim user to sign into the OpenID supporting website and launch subsequent CSRF attacks (81%), ... evaluate a simple and scalable mitigation technique for OpenID-enabled websites, and an alternative man-in-the- ...
Tópico(s): Spam and Phishing Detection
2012 - Elsevier BV | Computers & Security
Haider Abbas, Moeen Qaemi Mahmoodzadeh, Farrukh Aslam Khan, Maruf Pasha,
Abstract OpenID is widely being used for user centric identity management in many Web applications. OpenID provides Web users with the ability to manage ... Starting from the early stages of its inception, OpenID has received a large amount of acceptance and ... However, in addition to its benefits and flexibilities, OpenID faces its own share of vulnerabilities and threats, ... future and large‐scale use in cyberspace questionable. OpenID Phishing is one such attack that has received ... aims at identifying and discussing a solution to OpenID Phishing by proposing a user authentication scheme that ...
Tópico(s): Access Control and Trust
2014 - Hindawi Publishing Corporation | Security and Communication Networks
Wanpeng Li, Chris J. Mitchell,
... to relying party (RP) websites supporting Google's OpenID Connect service. OpenID Connect builds an identity layer on top of ... itself been widely adopted to support identity management. OpenID Connect allows an RP to obtain authentication assurances ... have analysed OAuth 2.0 security, but whether OpenID Connect is secure in practice remains an open ... scale practical study of Google's implementation of OpenID Connect, involving forensic examination of 103 RP websites ... a combination of Google's design of its OpenID Connect service and RP developers making design decisions ...
Tópico(s): Security and Verification in Computing
2016 - Springer Science+Business Media | Lecture notes in computer science
Manuel Urueña, Alfonso Muñoz, David Larrabeiti,
... sign-on platforms for web-based content access: OpenID and Facebook Connect. In particular we describe in detail a privacy vulnerability of the OpenID Authentication Protocol that leads to the exposure of the OpenID user identifier to third parties. We illustrate how OpenID agents leak the (potentially unique) OpenID identifiers of their users to third parties, like ... is a real and widespread privacy risk for OpenID users. This paper also analyzes the privacy of ... of possible countermeasures. In the case of the OpenID vulnerability, we propose three solutions to this problem: ...
Tópico(s): Access Control and Trust
2012 - Springer Science+Business Media | Multimedia Tools and Applications
Ginés Dólera Tormo, Félix Gómez Mármol, Gregorio Martínez Pérez,
OpenID is an open standard providing a decentralized authentication mechanism to end users. It is based on ... account on every website they are visiting. However, OpenID providers are normally used as a point to ... reputation management solution integrated as part of the OpenID protocol can help users to determine whether a ... reputation framework that can be applied to the OpenID SSO (Single Sign-On) standard solution. It also ... how the protocol itself can be enhanced so OpenID providers can collect (and provide) recommendations from (to) ...
Tópico(s): Recommender Systems and Techniques
2013 - Elsevier BV | Computer Standards & Interfaces
... to register each Web site. It is the OpenID to resolve these burdensome. The OpenID provides the single sign-on service which a ... several Web sites by submitting the password of OpenID to authentication server only once. In this paper, we analyze the single sign-on in OpenID and show an experiment of vulnerability of OpenID.
Tópico(s): Web Application Security Vulnerabilities
2008 - Institute of Electrical and Electronics Engineers | International Conference on Advanced Communication Technology
Bart van Delft, Martijn Oostdijk,
OpenID, a standard for Web single sign-on, has been gaining popularity both with Identity Providers, Relying ... users. This paper collects the security issues in OpenID found by others, occasionally extended by the authors, ... is to raise awareness about security issues surrounding OpenID and similar standards and help shape opinions on what (not) to expect from OpenID when deployed in a not-so-friendly context.
Tópico(s): Security and Verification in Computing
2010 - Springer Science+Business Media | IFIP advances in information and communication technology
MA Wei-na, Kamran Sartipi, Hassan Sharghigoorabi, David Koff, Peter Bak,
... for adoption of cloud computing by healthcare domains. OpenID Connect, combining OpenID and OAuth together, is an emerging representational state ... also regarded as "Kerberos of cloud." We introduce OpenID Connect as an authentication and authorization service in ... cloud ecosystem. The main objective is to use OpenID Connect open-source single sign-on and authorization ...
Tópico(s): Scientific Computing and Data Management
2016 - SPIE | Journal of Medical Imaging
Jintian Lu, J. ZHANG, Jing Li, Zhongyu Wan, Bo Meng,
Owning to the widely deployment of OpenID Connect protocol in the important applications, in order to provide a strong confidence in its security for the people, in this study, we firstly review OpenID Connect protocol. And then, we use the formal language: Applied PI calculus to model OpenID Connect protocol and provide a security analysis with ... some approaches to address the security problems in OpenID Connect protocol.
Tópico(s): Access Control and Trust
2016 - Springer International Publishing | Lecture notes on data engineering and communications technologies
... are actively supporting standards such as OAuth or OpenID Connect, becoming in many cases identity providers. This ... Naturally, experts are predicting a widespread adoption of OpenID Connect in the next years not only in ... this work presents a thorough threat modelling of OpenID Connect core specification and its current implementations. Threats ...
Tópico(s): Advanced Authentication Protocols Security
2019 - Elsevier BV | Computers & Security
Félix Gómez Mármol, Marcus Q. Kuhnen, Gregorio Martínez Pérez,
OpenID is an open standard providing a decentralised authentication mechanism to end users. It is based on ... account on every website they are visiting. However, OpenID providers are usually also being used as a ... reputation management solution integrated as part of the OpenID protocol can help users to determine whether certain ... reputation framework that can be applied to the OpenID SSO (Single Sign-On) standard solution. It also ... how the protocol itself can be enhanced so OpenID providers can collect (and provide) recommendations from (to) ...
Tópico(s): Internet Traffic Analysis and Secure E-voting
2011 - Springer Science+Business Media | Lecture notes in computer science
Muhammad Asif, Nitin Kumar Tripathi,
... management system is needed to handle the problem. OpenID is one of the better solutions to manage ... minimizes the risk of session hijacking in an OpenID environment.
Tópico(s): Network Security and Intrusion Detection
2012 - Academy Publisher | Journal of Computers
Produção Nacional
Revisado por pares
Diego Kreutz, Oleksandr Malichevskyy, Eduardo Feitosa, Hugo Cunha, Rodrigo da Rosa Righi, Douglas Dyllon Jerônimo de Macedo,
... and continuous operation of identity providers (e.g., OpenID) and authentication, authorization and accounting services (e.g., ... evaluation of both resilient RADIUS (R-RADIUS) and OpenID (R-OpenID) prototypes. We show that our solution makes services ...
Tópico(s): Security and Verification in Computing
2016 - Elsevier BV | Journal of Network and Computer Applications
Andreas Leicher, Andreas Schmidt, Yogendra Shah, Inhyok Cha,
... of identity management systems based on the popular OpenID protocol. We show that it is feasible to bind OpenID identities to the trustworthiness of the device. Our ... a building block to establish trust in the OpenID protocol between the identity provider and the device. ...
Tópico(s): Advanced Malware Detection Techniques
2011 - Inderscience Publishers | International Journal of Internet Technology and Secured Transactions
Felician Alecu, Paul Pocatilu, George Stoica, Cristian Ciurea, Sergiu Capisizu,
... again for the username and password. Using the OpenID standard for e-learning Web-based applications is ... identifiers. This paper presents the main characteristics of OpenID standard and how this standard could be implemented ...
Tópico(s): Algorithms and Data Compression
2011 - | Journal of Mobile, Embedded and Distributed Systems
Chun‐Ying Huang, Shang‐Pin Ma, Kuan-Ta Chen,
... proposed solution can be seamlessly integrated with the OpenID service so that websites supporting OpenID benefit directly from the proposed solution. The proposed ...
Tópico(s): Internet Traffic Analysis and Secure E-voting
2011 - Elsevier BV | Journal of Network and Computer Applications
Eghbal Ghazizadeh, Mazdak Zamani, Jamalul‐lail Ab Manan, Mojtaba Alizadeh,
... cloud identity environment. Single sign-on (SSO) and OpenID have been released to solve security and privacy ... use of trusted computing, Federated Identity Management, and OpenID Web SSO to solve identity theft in the ...
Tópico(s): Blockchain Technology Applications and Security
2014 - Hindawi Publishing Corporation | The Scientific World JOURNAL
Kubový Jan, H. J. Christian, Markus Jäger, Josef K�ung,
... proposed in the OAuth2.0 framework and the OpenID Standard are often used. The communication between the ... Authentication & Authorization System (CAAS), an implementation of the OpenId standard and the OAuth2.0 framework that uses ...
Tópico(s): Cryptography and Data Security
2016 - Springer Science+Business Media | Lecture notes in computer science
Stefanos Malliaros, Christos Xenakis, George Moldovan, John Mantas, Andriana Magdalinou, Lydia Montandon,
... GDPR EU laws of data protection.CrowdHEALTH deploys OpenID Connect, an authentication protocol to provide flexibility, scalability, ... access control policies.Results: CrowdHEALTH integrates ABAC with OpenID Connect to build an effective and scalable base ...
Tópico(s): Privacy-Preserving Technologies in Data
2019 - | Acta Informatica Medica
Yousra Belfaik, Yassine Sadqi, Yassine Maleh, Safi Said, Lo’ai Tawalbeh, Khaled Salah,
OpenID Connect (OIDC) is one of the most widely used delegated authentication protocols in web and mobile ...
Tópico(s): Spam and Phishing Detection
2023 - Institute of Electrical and Electronics Engineers | IEEE Access
Eghbal Ghazizadeh, Z. S. Shams Dolatabadi, Reza Khaleghparast, Mazdak Zamani, Azizah Abdul Manaf, Mohd Shahidan Abdullah,
... against identity theft. Single sign-on (SSO) and OpenID have been used to decrease the complexity of ... in which One Time Password (OTP), TPM, and OpenID are used to provide a solution against phishing ...
Tópico(s): Network Security and Intrusion Detection
2014 - Hindawi Publishing Corporation | Abstract and Applied Analysis
Produção Nacional
Jairo Matheus Alves, Thiago Gomes Rodrigues, David Beserra, Jorge Cavalcanti Barbosa Fonsêca, Patrícia Takako Endo, Judith Kelner,
... and for the identity management, we use the OpenID protocol that allows a Single Sign One access. ...
Tópico(s): Security and Verification in Computing
2017 - Institute of Electrical and Electronics Engineers | IEEE Latin America Transactions
Benedikt Mättig, Martin Fiedler, Alexander Hille, Björn Anderseck,
The openID-center as an open integration platform for intra logistic systems focuses its development process on applications and ...
Tópico(s): Digital Transformation in Industry
2012 - Springer Science+Business Media | Communications in computer and information science
Filipa Falcão-Reis, Manuel E. Correia,
... generic control mechanisms scenarios based on the Extended OpenID (eOID), a user centric digital identity provider previously developed by our group, which leverages a secured OpenID 2.0 infrastructure with the recently released Portuguese ...
Tópico(s): Privacy, Security, and Data Protection
2010 - IOS Press | Studies in health technology and informatics
... its users. The existing SSO protocol such as OpenID Connect protocol provides secure SSO but it is ... identity provider. This paper proposes an extension of OpenID Connect protocol that establishes a central identity provider ... accounts using single login information. The proposed Enhanced OpenID Connect (EOIDC) modifies the authorization code flow of OpenID Connect to build a secure channel from a ...
Tópico(s): Access Control and Trust
2018 - De Gruyter Open | Cybernetics and Information Technologies
Francis Hsu, Hao Chen, Sridhar Machiraju,
... have implemented a prototype of WebCallerID using the OpenID framework. The prototype shows that WebCallerID seamlessly integrates into OpenID-capable Web authentication while avoiding phishing problems in OpenID and simplifying user participation.
Tópico(s): Advanced Malware Detection Techniques
2011 - IOS Press | Journal of Computer Security
Christian Prehofer, Jilles van Gurp, Vlad Stirbu, Sailesh Satish, Sasu Tarkoma, Cristiano di Flora, Pasi P. Liimatainen,
... flexible access control mechanism on top of the OpenID and OAuth protocols provides security and access control ...
Tópico(s): IoT and Edge/Fog Computing
2009 - Institute of Electrical and Electronics Engineers | IEEE Pervasive Computing
Steven J. Murdoch, Ross Anderson,
... While other single sign-on schemes such as OpenID, InfoCard and Liberty came up with decent technology ...
Tópico(s): Digital Platforms and Economics
2010 - Springer Science+Business Media | Lecture notes in computer science