Amidst the wild west of user authentication, this study introduces a new sheriff in town: the Self-Sovereign Authentication Scheme (SSASy). Traditional authentication methods, like passwords, are often fraught with usability and security concerns, leading users to find workaround ways that compromise the intended security. Federated Identities (FI) offer a convenient alternative, yet, they infringe on users' sovereignty over their identity and lead to privacy concerns. To address these challenges, this study proposes SSASy, which leverages cryptography and browser technology to provide a sovereign, usable, and secure alternative to the existing user authentication schemes. The proposal, which is a proof-of-concept, is comprised of a core library, which provides the authentication protocol to developers, and a browser extension that simplifies the authentication process for users. SSASy is available as an open-source project on GitHub for practical demonstration on multiple browser stores, bringing our theoretical study into the realm of tangible, real-world application. SSASy is evaluated and compared to existing authentication schemes using the "Usability-Deployability-Security" (UDS) framework. The results demonstrate that, although other authentication schemes may excel in a specific dimension, SSASy delivers a more balanced performance across the three dimensions which makes it a promising alternative.
| Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:ltu-99248 |
| Date | January 2023 |
| Creators | Manzi, Olivier |
| Publisher | Luleå tekniska universitet, Institutionen för system- och rymdteknik |
| Source Sets | DiVA Archive at Upsalla University |
| Language | English |
| Detected Language | English |
| Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
| Format | application/pdf |
| Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.028 seconds