Assessment of Secure OpenID-Based DAAA Protocol for Avoiding Session Hijacking in Web Applications

Abstract EN

It is increasingly difficult to manage the user identities (IDs) of rapidly developing and numerous types of online web-based applications in the present era.

An innovative ID management system is required for managing the user IDs.

The OpenID lightweight protocol is a better solution to manage the user IDs.

In an OpenID communication environment, OpenID URL is not secured in a session hijacking situation because in other existing OpenID communication methods such double factor authentication has more chances of valid user session hijacked.

The proposed communication protocol secures the OpenID URL with the help of additional innovative parameters such as Special Alphanumeric String (SAS) and Special Security PIN (SSP).

The anticipated triple authentication protocol authenticated client unique OpenID URL at OpenID Provider (OP) side once and SAS and SSP field at Relying Party (RP) side.

The anticipated protocol provides unique Single-Sign-On (SSO) services to OpenID users.

The experimental website is tested by experts of web developers for avoiding session hijacking situation in the presence of hackers.

The findings demonstrated that Dense Authentication Authorization and Accounting (DAAA) protocol minimizes the risk of a session hijacking in OpenID communication environment.