Fraunhofer-Gesellschaft
2026
Journal Article
Title

A Passwordless Authentication Mechanism for the Web Using Self-Sovereign Identity

Abstract
Traditional protected web services rely on a user authentication process. The combination of an identifier (e.g., username, email address and so on) and credential (e.g., password) still remains the most widely deployed user authentication process, even though such a process is one of the major sources of security breaches. Moreover, in this traditional setting, the management and sharing of user identity information is cumbersome. The consequence of this is that users increasingly find it difficult to manage their identity data scattered across multiple sites and they have limited control over their own identity data. In recent times, Self-sovereign Identity (SSI) has emerged as a new mechanism for managing and exchanging identity information in a more user-centric and privacy-friendly way. There are many explorations of SSI in different application domains; however, its utility for passwordless authentication for the web mostly remains unexplored. In this article, we present SSI4Web, a framework which can facilitate a passwordless authentication mechanism for the web by employing a state-of-the-art SSI technology for providing web services with much more user control and greater flexibility. We present its architecture, which is based on a threat model and requirement analysis, discuss its implementation details and sketch out its use-cases along with protocol flows. In addition, we analyse its performance, evaluate its security using ProVerif, a state-of-the-art protocol verifier, and discuss its advantages and limitations.
Author(s)
Ferdous, Md Sadek
BRAC University
Ali, Md Yeasin
BRAC University
Chowdhury, Fairuz Rahaman
Cryptic Consultancy Limited
Nahid, Masum Alam
Cryptic Consultancy Limited
Ionita, Andrei
Fraunhofer Institute for Applied Information Technology FIT  
Prinz, Wolfgang  
Fraunhofer-Institut für Angewandte Informationstechnik FIT  
Journal
ACM transactions on the web  
DOI
10.1145/3778360
Language
English
Fraunhofer-Institut für Angewandte Informationstechnik FIT  
Keyword(s)
  • blockchain
  • hyperledger aries
  • hyperledger indy
  • Passwordless authentication
  • self-sovereign identity
  • SSI
  • web
