SSH-DAuth: secret sharing based decentralized OAuth using decentralized identifier-Reference-Cited by-同舟云学术

SSH-DAuth: secret sharing based decentralized OAuth using decentralized identifier

Published:2023-10-26 Issue:1 Volume:13 Page:
ISSN:2045-2322
Container-title:Scientific Reports
language:en
Short-container-title:Sci Rep

Author:

Krishna Danda Prudhvi,Ramaguru R.,Praveen K.,Sethumadhavan M.,Ravichandran Kattur Soundarapandian,Krishankumar Raghunathan,Gandomi Amir H.

Abstract

AbstractOAuth2.0 is a Single Sign-On approach that helps to authorize users to log into multiple applications without re-entering the credentials. Here, the OAuth service provider controls the central repository where data is stored, which may lead to third-party fraud and identity theft. To circumvent this problem, we need a distributed framework to authenticate and authorize the user without third-party involvement. This paper proposes a distributed authentication and authorization framework using a secret-sharing mechanism that comprises a blockchain-based decentralized identifier and a private distributed storage via an interplanetary file system. We implemented our proposed framework in Hyperledger Fabric (permissioned blockchain) and Ethereum TestNet (permissionless blockchain). Our performance analysis indicates that secret sharing-based authentication takes negligible time for generation and a combination of shares for verification. Moreover, security analysis shows that our model is robust, end-to-end secure, and compliant with the Universal Composability Framework.

Funder

Óbuda University

Publisher

Springer Science and Business Media LLC

Subject

Multidisciplinary

Link

https://www.nature.com/articles/s41598-023-44586-6.pdf

Reference47 articles.

1. Zorz, Z. 154 million US voter records exposed following hack. Help Net Security. https://www.helpnetsecurity.com/2016/06/23/154-million-us-voter-records-exposed/ (2016).

2. Dan, R. Michael Page blames Capgemini over breach of client data. Infosecurity Magazine. https://www.infosecurity-magazine.com/news/recruitment-firm-blames-capgemini/ (2016).

3. Radha, V. & Reddy, D. H. A survey on single sign-on techniques. Procedia Technol. 4, 134–139 (2012).

4. Liu, Z., Bonazzi, R. & Pigneur, Y. Privacy-based adaptive context-aware authentication system for personal mobile devices. J. Mobile Multimed. 12(1–2), 159–180 (2016).

5. Kihara, M. & Iriyama, S. Security and performance of single sign-on based on one-time pad algorithm. Cryptography 4, 16 (2020).