Assessing Secure OpenID-Based EAAA Protocol to Prevent MITM and Phishing Attacks in Web Apps

To secure web applications from Man-In-The-Middle (MITM) and phishing attacks is a challenging task nowadays. For this purpose, authentication protocol plays a vital role in web communication which securely transfers data from one party to another. This authentication works via OpenID, Kerberos, password authentication protocols, etc. However, there are still some limitations present in the reported security protocols. In this paper, the presented anticipated strategy secures both Web-based attacks by leveraging encoded emails and a novel password form pattern method. The proposed OpenID-based encrypted Email’s Authentication, Authorization, and Accounting (EAAA) protocol ensure security by relying on the email authenticity and a Special Secret Encrypted Alphanumeric String (SSEAS). This string is deployed on both the relying party and the email server, which is unique and trustworthy. The first authentication, OpenID Uniform Resource Locator (URL) identity, is performed on the identity provider side. A second authentication is carried out by the hidden Email’s server side and receives a third authentication link. This Email’s third SSEAS authentication link manages on the relying party (RP). Compared to existing cryptographic single sign-on protocols, the EAAA protocol ensures that an OpenID URL’s identity is secured from MITM and phishing attacks. This study manages two attacks such as MITM and phishing attacks and gives 339?ms response time which is higher than the already reported methods, such as Single Sign-On (SSO) and OpenID. The experimental sites were examined by 72 information technology (IT) specialists, who found that 88.89% of respondents successfully validated the user authorization provided to them via Email. The proposed EAAA protocol minimizes the higher-level risk of MITM and phishing attacks in an OpenID-based atmosphere.