<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">inform</journal-id><journal-title-group><journal-title xml:lang="ru">Информатика</journal-title><trans-title-group xml:lang="en"><trans-title>Informatics</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1816-0301</issn><issn pub-type="epub">2617-6963</issn><publisher><publisher-name>UIIP NASB</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.37661/816-0301-2025-22-2-95-110</article-id><article-id custom-type="elpub" pub-id-type="custom">inform-1349</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>INFORMATION TECHNOLOGY</subject></subj-group></article-categories><title-group><article-title>Прототипирование системы беспарольного атрибутивного доступа к информационным ресурсам с использованием eID-карты Республики Беларусь и FIDO2-аутентификации</article-title><trans-title-group xml:lang="en"><trans-title>Prototyping of the system of passwordless attributive access to information resources using eID-card of the Republic of Belarus and FIDO2-authentication</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Жидович</surname><given-names>А. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Zhidovich</surname><given-names>A. 
A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Жидович Антон Андреевич, выпускник кафедры технологий программирования факультета прикладной математики и информатики</p><p>пр. Независимости, 4, Минск, 220030</p></bio><bio xml:lang="en"><p>Anton A. Zhidovich, Graduate of the Department of Programming Technologies, Faculty of Applied Mathematics and Informatics</p><p>av. Nezavisimosti, 4, Minsk, 220030</p></bio><email xlink:type="simple">anton.zhidovich@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Лубенько</surname><given-names>А. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Lubenko</surname><given-names>A. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Лубенько Алексей Анатольевич, выпускник кафедры технологий программирования факультета прикладной математики и информатики</p><p>пр. Независимости, 4, Минск, 220030</p></bio><bio xml:lang="en"><p>Alexei A. Lubenko, Graduate of the Department of Programming Technologies, Faculty of Applied Mathematics and Informatics</p><p>av. Nezavisimosti, 4, Minsk, 220030</p></bio><email xlink:type="simple">alexeilubenko02@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Войтешенко</surname><given-names>И. С.</given-names></name><name name-style="western" xml:lang="en"><surname>Vojteshenko</surname><given-names>I. S.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Войтешенко Иосиф Станиславович, кандидат технических наук, доцент, доцент кафедры технологий программирования факультета прикладной математики и информатики</p><p>пр. Независимости, 4, Минск, 220030</p></bio><bio xml:lang="en"><p>Iosif S. Vojteshenko, Ph. D. (Eng.), Assoc. Prof., Assoc. Prof. 
of the Department of Programming Technologies of the Faculty of Applied Mathematics and Informatics</p><p>av. Nezavisimosti, 4, Minsk, 220030</p></bio><email xlink:type="simple">Voit@bsu.by</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Белорусский государственный университет</institution></aff><aff xml:lang="en"><institution>Belarusian State University</institution></aff></aff-alternatives><pub-date pub-type="collection"><year>2025</year></pub-date><pub-date pub-type="epub"><day>10</day><month>07</month><year>2025</year></pub-date><volume>22</volume><issue>2</issue><fpage>95</fpage><lpage>110</lpage><permissions><copyright-statement>Copyright &#x00A9; Жидович А.А., Лубенько А.А., Войтешенко И.С., 2025</copyright-statement><copyright-year>2025</copyright-year><copyright-holder xml:lang="ru">Жидович А.А., Лубенько А.А., Войтешенко И.С.</copyright-holder><copyright-holder xml:lang="en">Zhidovich A.A., Lubenko A.A., Vojteshenko I.S.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://inf.grid.by/jour/article/view/1349">https://inf.grid.by/jour/article/view/1349</self-uri><abstract><p>Цели. Целью проведенной аналитической и исследовательской работы являются проектирование и реализация прототипа системы установки личности пользователя и его привилегий путем совместного использования беспарольной FIDO2-аутентификации и управления доступом на основе атрибутов. 
В качестве источника пользовательских атрибутов предложены средства электронной идентификации, соответствующие стандартам ICAO. Методы. В исследовании применялись: систематизация и анализ литературы и технических спецификаций; системный подход к анализу существующих реализаций систем беспарольного атрибутивного доступа и теоретических моделей, используемых при их проектировании; SCn- и SCg-код технологии OSTIS для семантического описания основных понятий и концепций, связанных с FIDO2-аутентификацией; программные платформы и библиотеки. Результаты. Результатом работы является прототип системы атрибутивного доступа к информационным ресурсам в цифровой среде с использованием eID-карты Республики Беларусь и FIDO2-аутентификации. Разработанное приложение было контейнеризовано и развернуто на онлайн-сервере, его работоспособность проверена с различных платформ с помощью распространенных браузеров. Заключение. Представлено исследование по разработке и первоначальной оценке прототипа системы управления доступом к информационным ресурсам с помощью аутентификации по спецификации FIDO2 и модели управления доступом на основе атрибутов. При этом в качестве источника пользовательских атрибутов применяются средства электронной идентификации, удовлетворяющие стандартам Международной организации гражданской авиации, в том числе eID-карта Республики Беларусь.</p></abstract><trans-abstract xml:lang="en"><p>Objectives. The purpose of the analytical and research work carried out is to design and implement a prototype system for establishing user identity and privileges based on the joint use of passwordless FIDO2 authentication and attribute-based access control. It is proposed that electronic identification means compliant with ICAO standards be used as a source of user attributes. Methods. 
The following were used in this paper: systematization and analysis of literature and technical specifications; a systematic approach to the analysis of existing implementations of passwordless attribute access systems and of the theoretical models used in their design; the SCn- and SCg-code of OSTIS technology for semantic description of the basic terms and concepts related to FIDO2 authentication; software platforms and libraries. Results. The result of the work is a prototype of the system of attributive access to information resources in the digital environment using the eID-card of the Republic of Belarus and FIDO2-authentication. The developed application was containerized and deployed on the online server. Its performance was then tested from different platforms using standard browsers. Conclusion. A study on the development and initial evaluation of a prototype of an information resource access control system based on authentication to the FIDO2 specification and an attribute-based access control model is presented. Electronic identification means that meet the standards of the International Civil Aviation Organization, including the eID-card of the Republic of Belarus, are used as the source of user attributes.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>беспарольная аутентификация</kwd><kwd>авторизация на основе атрибутов</kwd><kwd>спецификация FIDO2</kwd><kwd>протокол W3C WebAuthn</kwd><kwd>протокол «клиент-аутентификатор»</kwd><kwd>eID-идентификация</kwd></kwd-group><kwd-group xml:lang="en"><kwd>passwordless authentication</kwd><kwd>attribute-based authorization</kwd><kwd>FIDO2 specification</kwd><kwd>protocol W3C WebAuthn</kwd><kwd>client-to-authenticator protocol</kwd><kwd>eID-identification</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Angelogianni, A. How many FIDO protocols are needed? 
Analysing the technology, security and compliance / A. Angelogianni, I. Politis, C. Xenakis // ACM Computing Surveys. – 2024. – Vol. 56, iss. 8. – P. 1–51. – DOI: 10.1145/3654661.</mixed-citation><mixed-citation xml:lang="en">Angelogianni A., Politis I., Xenakis C. How many FIDO protocols are needed? Analysing the technology, security and compliance. ACM Computing Surveys, 2024, vol. 56, iss. 8, pp. 1–51. DOI: 10.1145/3654661.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Challenges with Passwordless FIDO2 in an Enterprise Setting: A Usability Study / M. Kepkowski, M. MachulakIan, I. Wood, D. Kaafar. – URL: https://arxiv.org/abs/2308.08096 (date of access: 08.11.2024).</mixed-citation><mixed-citation xml:lang="en">Kepkowski M., MachulakIan M., Wood I., Kaafar D. Challenges with Passwordless FIDO2 in an Enterprise Setting: A Usability Study. Available at: https://arxiv.org/abs/2308.08096 (accessed 08.11.2024).</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">FIDO2 passwordless authentication for remote devices / S. Dixit, A. Gupta, R. Jain [et al.] // Networks and Systems in Cybernetics : Proc. of 12th Computer Science On-line Conf. 2023. – Springer, 2023. – Vol. 2. – P. 349–362. – DOI: 10.1007/978-3-031-35317-8_32.</mixed-citation><mixed-citation xml:lang="en">Dixit S., Gupta A., Jain R., Joshi R., Gonge S., Kotecha K. FIDO2 passwordless authentication for remote devices. Networks and Systems in Cybernetics: Proceedings of 12th Computer Science On-line Conference 2023. Springer, 2023, vol. 2, pp. 349–362. DOI: 10.1007/978-3-031-35317-8_32.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Hoefling, D. Understanding How FIDO Makes Passwordless Authentication Possible / D. Hoefling. 
– URL: https://practical365.com/understanding-how-fido-makes-passwordlessauthentication-possible/ (date of access: 27.11.2024).</mixed-citation><mixed-citation xml:lang="en">Hoefling D. Understanding How FIDO Makes Passwordless Authentication Possible. Available at: https://practical365.com/understanding-how-fido-makes-passwordlessauthentication-possible/ (accessed 27.11.2024).</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Fast IDentity online with anonymous credentials (FIDO-AC) / W.-Z. Yeoh, M. Kepkowski, G. Heide [et al.] // Proc. of the 32nd USENIX Security Symp., Anaheim, CA, USA, 9–11 Aug. 2023. – Anaheim, 2023. – P. 3029–3046.</mixed-citation><mixed-citation xml:lang="en">Yeoh W.-Z., Kepkowski M., Heide G., Kaafar D., Hanzlik L. Fast IDentity online with anonymous credentials (FIDO-AC). Proceedings of the 32nd USENIX Security Symposium, Anaheim, CA, USA, 9–11 Aug. 2023. Anaheim, 2023, pp. 3029–3046.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Brodsky, Z. Using MITM to bypass FIDO2 phishing-resistant protection / Z. Brodsky. – URL: https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/ (date of access: 08.11.2024).</mixed-citation><mixed-citation xml:lang="en">Brodsky Z. Using MITM to bypass FIDO2 phishing-resistant protection. Available at: https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/ (accessed 08.11.2024).</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Zhidovich, A. Semantic notation of access control technology based on eID identification, FIDO2-authentication and attribute-based authorization in digital environment / A. Zhidovich, A. Lubenko, I. Vojteshenko // Open Semantic Technologies for Intelligent Systems. – 2024. – No. 8. – P. 
371–376.</mixed-citation><mixed-citation xml:lang="en">Zhidovich A., Lubenko A., Vojteshenko I. Semantic notation of access control technology based on eID identification, FIDO2-authentication and attribute-based authorization in digital environment. Open Semantic Technologies for Intelligent Systems, 2024, no. 8, pp. 371–376.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Garoffolo, A. Zendoo: A ZK-SNARK verifiable cross-chain transfer protocol enabling decoupled and decentralized sidechains / A. Garoffolo, D. Kaidalov, R. Oliynykov // 2020 IEEE 40th Intern. Conf. on Distributed Computing Systems (ICDCS), Singapore, 29 Nov. – 01 Dec. 2020. – Singapore, 2020. – P. 1257–1262.</mixed-citation><mixed-citation xml:lang="en">Garoffolo A., Kaidalov D., Oliynykov R. Zendoo: A ZK-SNARK verifiable cross-chain transfer protocol enabling decoupled and decentralized sidechains. 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS), Singapore, 29 November – 01 December 2020. Singapore, 2020, pp. 1257–1262.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Технология комплексной поддержки жизненного цикла семантически совместимых интеллектуальных компьютерных систем нового поколения / под общ. ред. В. В. Голенкова. – Минск : Бестпринт, 2023. – 1064 с.</mixed-citation><mixed-citation xml:lang="en">Golenkov V. V. (ed.). Tehnologija kompleksnoj podderzhki zhiznennogo cikla semanticheski sovmestimyh intellektual'nyh komp'juternyh sistem novogo pokolenija. Technology for Integrated Life Cycle Support of Semantically Compatible Intelligent Computer Systems of the New Generation. 
Minsk, Bestprint, 2023, 1064 p.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Semantic approach to designing applications with passwordless authentication according to the FIDO2 specification / A. Zhidovich, A. Lubenko, I. Vojteshenko, A. Andrushevich // Open Semantic Technologies for Intelligent Systems. – 2023. – No. 7. – P. 311–316.</mixed-citation><mixed-citation xml:lang="en">Zhidovich A., Lubenko A., Vojteshenko I., Andrushevich A. Semantic approach to designing applications with passwordless authentication according to the FIDO2 specification. Open Semantic Technologies for Intelligent Systems, 2023, no. 7, pp. 311–316.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
