Research Article
Assessment of Secure OpenID-Based DAAA Protocol for Avoiding Session Hijacking in Web Applications
Table 1
Assessment of the proposed protocol model with existing OpenID model.
| | OpenID Methods | Login any
PC/Laptop
(Any/Own) | Security
(Safe/ Unsafe) | Price | Trust |
| | Preventing Session Hijacking [26] | Any (Verisign labs Personal Identity Portal used for the experiment) | Partially Safe (Double Authentication) | Free | Medium |
| | Anti-phishing OpenID Solution [1] | Any | Partially Safe (Double
Authentication) | Free | Medium |
| | BEAMAUTH Anti-phishing solution [44] | Own
(vanilla web browser) | Partially Safe
(Double
Authentication) | Low-cost | Low |
| | OpenID Authentication Model using Trusted Computing [35] | Any | Partially safe | Low-cost | High |
| | OpenID security weakness analyzed via OWASP tools [30] | Own
(web browser) | Not very much Secure | Free | Low |
| | Anti-phishing OpenID Page token solution [13] | Own
(google console developers and salesforec.com) | Partially secure | Low-cost | Medium |
| | Proposed DAAA Protocol | Any | Safe
(Triple
Authentication) | Free | High |
|
|
Bold observations provide best security features as compared to other OpenID methods. |
