
Informatics


Prototyping of the system of passwordless attributive access to information resources using eID-card of the Republic of Belarus and FIDO2-authentication

https://doi.org/10.37661/816-0301-2025-22-2-95-110

Abstract

Objectives. The purpose of the analytical and research work carried out is to design and implement a prototype system for establishing user identity and privileges based on the joint use of passwordless FIDO2 authentication and attribute-based access control. It is proposed that electronic identification means compliant with ICAO standards be used as a source of user attributes.
Methods. The work used: systematization and analysis of literature and technical specifications; a systematic approach to the analysis of existing implementations of passwordless attribute access systems and the theoretical models used in their design; the SCn- and SCg-code of OSTIS technology for the semantic description of basic notions and concepts related to FIDO2 authentication; software platforms and libraries.
Results. The result of the work is a prototype of a system of attributive access to information resources in the digital environment using the eID-card of the Republic of Belarus and FIDO2 authentication. The developed application was containerized and deployed on an online server. Its performance was then tested from different platforms using standard browsers.
Conclusion. A study on the development and initial evaluation of a prototype information resource access control system, based on authentication according to the FIDO2 specification and an attribute-based access control model, is presented. Electronic identification means that meet the standards of the International Civil Aviation Organization, including the eID-card of the Republic of Belarus, are used as the source of user attributes.

About the Authors

A. A. Zhidovich
Belarusian State University
Belarus

Anton A. Zhidovich, Graduate of the Department of Programming Technologies, Faculty of Applied Mathematics and Informatics

av. Nezavisimosti, 4, Minsk, 220030



A. A. Lubenko
Belarusian State University
Belarus

Alexei A. Lubenko, Graduate of the Department of Programming Technologies, Faculty of Applied Mathematics and Informatics

av. Nezavisimosti, 4, Minsk, 220030



I. S. Vojteshenko
Belarusian State University
Belarus

Iosif S. Vojteshenko, Ph. D. (Eng.), Assoc. Prof., Assoc. Prof. of the Department of Programming Technologies of the Faculty of Applied Mathematics and Informatics

av. Nezavisimosti, 4, Minsk, 220030





For citations:


Zhidovich A.A., Lubenko A.A., Vojteshenko I.S. Prototyping of the system of passwordless attributive access to information resources using eID-card of the Republic of Belarus and FIDO2-authentication. Informatics. 2025;22(2):95-110. (In Russ.) https://doi.org/10.37661/816-0301-2025-22-2-95-110



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 1816-0301 (Print)
ISSN 2617-6963 (Online)