
Authentication of web users according to the WebAuthn standard
MILAR, BLAŽ (Author), Jakus, Grega (Mentor)

PDF - Presentation file, Download (1,72 MB)
MD5: 81B8162B5388F14619B8E0F0E35D96E9

Abstract
This bachelor's thesis presents the established methods of authenticating users on the web and compares them with the new WebAuthn standard, focusing on web applications that are not intended for business use. Web authentication today still relies predominantly on passwords, the oldest and least secure form of authentication. For a high level of security, passwords must be sufficiently long and composed of random characters, which makes them harder to remember as their number grows. Users can solve the problem of remembering passwords by storing them in password managers. They can also use single sign-on, where they securely use only one combination of username and password to log in to several different applications. The weakness of both approaches is a single point of failure, since both the user and the application must rely on an external provider for login. Login security can be increased with the additional authentication element offered by two-factor authentication, but despite the greater security the password still remains. To abandon passwords completely, passwordless authentication mechanisms were developed some time ago, but they usually rest on the security of an e-mail address. None of the listed methods solves the problem of remembering passwords without introducing some weakness, for example a single point of failure. In response, the new WebAuthn standard is being developed; it fundamentally changes web authentication by introducing stronger credentials and some new concepts. WebAuthn does not use passwords but credentials based on public-key cryptography, which allows it to achieve greater security and solve the problem of remembering passwords. Under this standard, user authentication is performed using an external authenticator. Part of the thesis is also the implementation of a web application that, alongside WebAuthn, offers the four most commonly used authentication methods. The suitability of different authentication methods depends on the type of threat, but WebAuthn is resistant to a very large set of attacks. If good browser support becomes available for it, this will encourage developers to include the standard in web applications generally.

Language: Slovenian
Keywords: web authentication, WebAuthn, password, OpenID Connect, single sign-on, two-factor authentication, passwordless authentication
Work type: Bachelor thesis/paper
Organization: FE - Faculty of Electrical Engineering
Year: 2018
PID: 20.500.12556/RUL-102984
Publication date in RUL: 12.09.2018
Views: 1484
Downloads: 531

Secondary language

Language: English
Title: Web authentication using WebAuthn standard
Abstract:
This thesis presents well-known and widely used means of Web authentication and compares them to a new standard, WebAuthn, focusing on consumer Web applications. Web authentication today still relies mostly on passwords, the oldest and least secure form of verification. To ensure a high level of security, passwords must be long and comprised of random characters, so remembering them becomes increasingly harder as their number grows. Users can solve the problem of remembering passwords by storing them in a password manager. They can also use single sign-on, which allows them to safely use a single set of credentials to log into different applications. The weakness of both approaches is a single point of failure, as the user and the application rely on third-party providers. Logging in can be made more secure by adding a new element of authentication through two-factor authentication, but despite the stronger security, passwords remain part of the process. To dismiss their use completely, mechanisms for passwordless authentication have recently been developed, but they depend on the security of an e-mail address. None of the aforementioned means of authentication solves the problem of remembering passwords without introducing a weakness, e.g. a single point of failure. A new standard, WebAuthn, is being developed to address this issue. It introduces stronger credentials and a few new principles in authentication. WebAuthn uses public-key-based credentials, which allows it to achieve stronger security and solve the problem of remembering passwords. With this standard, user authentication is accomplished via an external authenticator. Part of this thesis is also the implementation of a Web application which, along with WebAuthn, implements four other common means of authentication. The suitability of different means of authentication depends on the threat model, but WebAuthn is immune to a wide range of attacks. If good browser support for WebAuthn is provided, it may encourage developers to widely implement the new standard in Web applications.

Keywords: Web authentication, WebAuthn, password, OpenID Connect, single sign-on, two-factor authentication, passwordless
