SSH-DAuth: secret sharing based decentralized OAuth using decentralized identifier.
- Publisher:
- Springer Science and Business Media LLC
- Publication Type:
- Journal Article
- Citation:
- Sci Rep, 2023, 13, (1), pp. 18335
- Issue Date:
- 2023-10-26
Open Access
Copyright Clearance Process
- Recently Added
- In Progress
- Open Access
This item is open access.
OAuth2.0 is a Single Sign-On approach that helps to authorize users to log into multiple applications without re-entering the credentials. Here, the OAuth service provider controls the central repository where data is stored, which may lead to third-party fraud and identity theft. To circumvent this problem, we need a distributed framework to authenticate and authorize the user without third-party involvement. This paper proposes a distributed authentication and authorization framework using a secret-sharing mechanism that comprises a blockchain-based decentralized identifier and a private distributed storage via an interplanetary file system. We implemented our proposed framework in Hyperledger Fabric (permissioned blockchain) and Ethereum TestNet (permissionless blockchain). Our performance analysis indicates that secret sharing-based authentication takes negligible time for generation and a combination of shares for verification. Moreover, security analysis shows that our model is robust, end-to-end secure, and compliant with the Universal Composability Framework.
Please use this identifier to cite or link to this item: