FIDO-enabled universal authenticator with Web usability and privacy preservation

IF 4 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computers & Electrical Engineering Pub Date : 2025-03-06 DOI:10.1016/j.compeleceng.2025.110201

Wen-Wei Li , Kuo-Hui Yeh , Yan-Sing Ji , Shi-Cho Cha

{"title":"FIDO-enabled universal authenticator with Web usability and privacy preservation","authors":"Wen-Wei Li , Kuo-Hui Yeh , Yan-Sing Ji , Shi-Cho Cha","doi":"10.1016/j.compeleceng.2025.110201","DOIUrl":null,"url":null,"abstract":"<div><div>More and more organizations adopt strong authentication schemes, such as multi-factor authentication (MFA) and hardware-based means, to enhance application security instead of ID/password. When using the hardware-based authentication methods, users are required to carry hardware authenticators. Then, application systems communicate with the authenticators to authenticate their owners with the credentials stored in the authenticators or the authenticators themselves. For Web-based applications, people may need to install extra components for application servers to communicate with user authenticators. In this case, W3C and Fido alliances have issued the WebAuthn specifications. Therefore, application servers can communicate with user authenticators through the Bluetooth, near-field communication (NFC), or other standard means via web browsers without additional components. However, the current WebAuthn specification does not consider the scenario of using personal identification cards. While some researchers have proposed enhancements by incorporating additional software, these solutions can decrease usability and increase complexity. This study focuses on the scenario that uses personal identification cards as authenticators to access Web applications. In light of this, this study proposes a means to implement WebAuthn and FIDO specifications in personal identification cards called FIDO-enabled universal authenticator. With the support of WebAuthn, Web applications adopt strong authentication schemes to authenticate users without installing extra software. However, the existing WebAuthn specification lacks provisions for scenarios involving personal identification cards. To address privacy concerns, the proposed system adopts a one-time verifiable identity for identity providers to preserve user privacy. Additionally, we demonstrate the feasibility of implementing the dedicated authenticator with an NFC-based smart card corresponding with FIDO-supported Web applications.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"123 ","pages":"Article 110201"},"PeriodicalIF":4.0000,"publicationDate":"2025-03-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790625001442","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

More and more organizations adopt strong authentication schemes, such as multi-factor authentication (MFA) and hardware-based means, to enhance application security instead of ID/password. When using the hardware-based authentication methods, users are required to carry hardware authenticators. Then, application systems communicate with the authenticators to authenticate their owners with the credentials stored in the authenticators or the authenticators themselves. For Web-based applications, people may need to install extra components for application servers to communicate with user authenticators. In this case, W3C and Fido alliances have issued the WebAuthn specifications. Therefore, application servers can communicate with user authenticators through the Bluetooth, near-field communication (NFC), or other standard means via web browsers without additional components. However, the current WebAuthn specification does not consider the scenario of using personal identification cards. While some researchers have proposed enhancements by incorporating additional software, these solutions can decrease usability and increase complexity. This study focuses on the scenario that uses personal identification cards as authenticators to access Web applications. In light of this, this study proposes a means to implement WebAuthn and FIDO specifications in personal identification cards called FIDO-enabled universal authenticator. With the support of WebAuthn, Web applications adopt strong authentication schemes to authenticate users without installing extra software. However, the existing WebAuthn specification lacks provisions for scenarios involving personal identification cards. To address privacy concerns, the proposed system adopts a one-time verifiable identity for identity providers to preserve user privacy. Additionally, we demonstrate the feasibility of implementing the dedicated authenticator with an NFC-based smart card corresponding with FIDO-supported Web applications.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Electrical Engineering 工程技术-工程：电子与电气

CiteScore

9.20

自引率

7.00%

发文量

661

审稿时长

47 days

期刊介绍： The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.