MODERN METHODS OF AUTHENTICATION AND TOKEN-BASED SECURITY

Authors

Keywords:

security, authorization, authentication, Single Sign-On (SSO), OpenID Connect protocol, JSON, JWT, HTTP, web application

Abstract

With the progress of digital transformation, new problems have arisen in protecting users' accounts and personal data. The growth of business and services has created the need for a large number of web applications that support everyday life, and the number of users of these applications has increased accordingly. As the number and complexity of web applications grow, developers are faced with the need to provide the latest level of scalability and complexity to ensure user security, using the currently popular micro- and nano-authorization services. User identity and access management aims to ensure that people have the right access to the right resources and to prevent unauthorized users from entering. To provide single sign-on across multiple accounts and logins, there is a set of authorization, authentication, and single sign-on (SSO) protocols called OpenID Connect. The authentication mechanism is considered, with an explanation of how token-based authentication works and of the main factors that drive the entire security process. With token-based authentication, users have the option to log in to their own accounts using a smartphone or a security key, or to work without a password. With token-based authentication, the user's access credentials are checked once in a certain period of time, so there is no need to register continuously.

Published

2024-09-27

How to Cite

[1]
Zdolbitska, N., Zhyharevych, O. and Bas, D. 2024. MODERN METHODS OF AUTHENTICATION AND TOKEN-BASED SECURITY. Applied Problems of Computer Science, Security and Mathematics. 3 (Sep. 2024), 4–11.