Detecting Risky Authentication Using the OpenID Connect Token Exchange Time

Alex Heunhe Han, Dong Hoon Lee

Research output: Contribution to journalArticlepeer-review


With the rise in sophisticated cyber threats, traditional authentication methods are no longer sufficient. Risk-based authentication (RBA) plays a critical role in the context of the zero trust framework—a paradigm shift that assumes no trust within or outside the network. This research introduces a novel proposal as its core: utilization of the time required by OpenID Connect (OIDC) token exchanges as a new RBA feature. This innovative approach enables the detection of tunneled connections without any intervention from the user’s browser or device. By analyzing the duration of OIDC token exchanges, the system can identify any irregularities that may signify unauthorized access attempts. This approach not only improves upon existing RBA frameworks but is also in alignment with the broader movement toward intelligent and responsive security systems.

Original languageEnglish
Article number8256
Issue number19
Publication statusPublished - 2023 Oct

Bibliographical note

Publisher Copyright:
© 2023 by the authors.


  • identity and access management
  • OIDC protocol
  • risk-based authentication

ASJC Scopus subject areas

  • Analytical Chemistry
  • Information Systems
  • Atomic and Molecular Physics, and Optics
  • Biochemistry
  • Instrumentation
  • Electrical and Electronic Engineering


Dive into the research topics of 'Detecting Risky Authentication Using the OpenID Connect Token Exchange Time'. Together they form a unique fingerprint.

Cite this