ROSTAM: A passwordless web single sign-on solution mitigating server breaches and integrating credential manager and federated identity systems

Amin Mahnamfar*, Kemal Bicakci, Yusuf Uzunay

*Corresponding author for this work

Research output: Article, peer-reviewed


The challenge of achieving passwordless user authentication is real given the prevalence of web applications that keep asking for passwords. Complicating this issue further, in an enterprise environment a single sign-on (SSO) service is often maintained, but not all applications can be integrated with it. We envision a passwordless future which provides a frictionless and trustworthy online experience for users by integrating credential management and federated identity systems. In this regard, our implementation ROSTAM offers a dashboard that presents all applications the user can access with a single click after a passwordless SSO. The security of web passwords on the credential manager is ensured with a Master Key rather than a Master Password, so that encrypted passwords remain secure even if stolen from the server. We propose and implement novel techniques for synchronization (pairing) and recovery of this Master Key. We compare our solution to previous work using different evaluation frameworks, demonstrating that our hybrid solution combines the benefits of credential management and federated identity systems.
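The abstract's central security claim is that a vault encrypted under a random Master Key stays secure after a server breach, whereas a vault encrypted under a key derived from a Master Password does not, because the stolen ciphertext lets an attacker test password guesses offline. The following Python example is added by the editor to illustrate that principle; it is not ROSTAM's code, and the paper does not describe ROSTAM's cipher, KDF, or pairing protocol. The HMAC-SHA256 keystream with encrypt-then-MAC, the PBKDF2 iteration count, the wordlist, the sample vault contents and the function names (`offline_guess`, `demo`, and so on) are all assumptions chosen for a stdlib-only demonstration; a real deployment would use an AEAD such as AES-GCM and a far stronger KDF setting.

```python
"""Why a random Master Key resists server breaches where a Master Password does not.

Editor-added illustration; not ROSTAM's implementation. Uses only the Python
standard library: an HMAC-SHA256 keystream with encrypt-then-MAC stands in for
a real AEAD, and PBKDF2 stands in for a production KDF.
"""
import hashlib
import hmac
import secrets
from typing import Iterable, Optional, Tuple

KEY_LEN = 32
TAG_LEN = 32
NONCE_LEN = 16
PBKDF2_ITERS = 20_000  # assumption: kept low so the demo runs quickly; production uses far more


def derive_key_from_password(master_password: str, salt: bytes) -> bytes:
    """Credential-manager style: the vault key is a function of a human-chosen password."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, PBKDF2_ITERS, KEY_LEN)


def generate_master_key() -> bytes:
    """Master Key style: 256 bits from the OS CSPRNG, never derived from anything guessable."""
    return secrets.token_bytes(KEY_LEN)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (stand-in for a block cipher in CTR mode)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_vault(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_vault(key: bytes, blob: bytes) -> Optional[bytes]:
    """Returns the plaintext, or None when the tag does not verify (wrong key or tampering)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def offline_guess(stolen_blob: bytes, salt: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """What a breached server's data allows: test candidate master passwords offline.

    The tag check tells the attacker when a guess is right, with no rate limit and
    no interaction with the victim. Against a random 256-bit Master Key there is no
    candidate list to walk; every guess is one of 2**256 equally likely keys.
    """
    for candidate in wordlist:
        if decrypt_vault(derive_key_from_password(candidate, salt), stolen_blob) is not None:
            return candidate
    return None


def demo() -> Tuple[Optional[str], Optional[str], bool]:
    """Runs both designs against the same stolen data (all inputs constructed for the demo)."""
    vault = b'{"site": "mail.example.com", "password": "s3cr3t-app-pw"}'  # constructed sample
    wordlist = ["password", "letmein", "summer2024", "correcthorse"]  # constructed sample
    salt = secrets.token_bytes(16)  # stored on the server alongside the blob, so the attacker has it

    # Design A: vault protected by a Master Password the user chose.
    pw_blob = encrypt_vault(derive_key_from_password("summer2024", salt), salt and vault)

    # Design B: vault protected by a random Master Key that is never stored on the server.
    master_key = generate_master_key()
    mk_blob = encrypt_vault(master_key, vault)

    recovered_a = offline_guess(pw_blob, salt, wordlist)   # expected: "summer2024"
    recovered_b = offline_guess(mk_blob, salt, wordlist)   # expected: None
    legit_user_ok = decrypt_vault(master_key, mk_blob) == vault  # the key holder still decrypts
    return recovered_a, recovered_b, legit_user_ok


if __name__ == "__main__":
    print(demo())
```

The point the example makes is about the attacker's search space, not the cipher: with a password-derived key the stolen blob is an offline oracle over a human-sized wordlist, while with a random Master Key the blob gives the attacker nothing cheaper than exhausting the key space. That is also why the abstract's pairing and recovery mechanisms matter: once the key is not reconstructible from something the user remembers, getting it onto a second device and back after loss becomes the hard part of the design.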

Original language: English
Article number: 103739
Journal: Computers and Security
Publication status: Published - Apr 2024

Bibliographic note

Publisher Copyright:
© 2024 Elsevier Ltd


Prof. Dr. Kemal Bıçakcı is a faculty member in the Computer Engineering Department and Informatics Institute at Istanbul Technical University. He received his master's degree from the University of Southern California (Los Angeles, USA) and his PhD degree from Middle East Technical University. He worked as a Postdoc Researcher at Vrije University (Amsterdam, Netherlands). Prof. Bıçakcı has been working in Cyber Security since 1995. He has taken part in many national and international R&D projects supported by the European Union, NSF and TUBITAK. He has supervised many students, some of whom have been honored with different awards. Prof. Dr. Kemal Bıçakcı currently serves as the Chairman of the Board at Securify.

This research was funded by The Scientific and Technological Research Council of Türkiye (TÜBİTAK) [grant number 3211046]. We thank Prof. Dr. Mehmet Emin Dalkılıç and anonymous reviewers for helpful comments. We would like to also acknowledge Burak Şahin's assistance in testing the system.

Funders (funder number)
National Science Foundation
European Commission
Türkiye Bilimsel ve Teknolojik Araştırma Kurumu (3211046)
