Design and Implementation of Blockchain Based Single Sign-On Authentication System for Web Applications

Today, many services are provided through web applications and the number of these applications is increasing rapidly. Nowadays, most users use their username and password to login to web applications. Many of these users also use the same login information in different applications. This causes a major security vulnerability for applications and users. As a solution to these weaknesses in the field of authentication, there have been many developments in recent years. Some of these studies have been third party identity authentication systems like Google and Facebook. Since this method also contains potential risks, studies have been conducted on the TwoFactor Authentication (2FA) method for more security. In parallel with the innovations that emerge every day, methods should be used in the field of authentication. In these times, blockchain technology offers solutions that make life easier in many areas thanks to its distributed, transparent, secure and immutable structure. In this study, blockchain based single sign-on (SSO) authentication system was developed and implemented for web applications. In this system, a public address and a private key are defined on the private blockchain network for users and this information is used for the 2FA method through the developed mobile application. Detailed information was given about the proposed system and technologies used in the study.

___

[1] L. Xiong, F. Li, S. Zeng, T. Peng, and Z. Liu, “A Blockchain-Based Privacy- Awareness Authentication Scheme with E_cient Revocation for Multi-Server Architectures," IEEE Access, vol. 7, pp. 125840-125853, 2019.

[2] Y. Ezawa et al., “Designing Authentication and Authorization System with Blockchain," in 2019 14th Asia Joint Conference on Information Security (AsiaJCIS), pp. 111{118,2019.

[3] W. Ao, S. Fu, C. Zhang, Y. Huang, and F. Xia, “A Secure Identity Authentication Scheme Based on Blockchain and Identity-based Cryptography," in 2019 IEEE 2nd International Conference on Computer and Communication Engineering Technology (CCET), pp. 90{95, 2019.

[4] MultiChain | Open source blockchain platform." [Online]. Available: https://www.multichain.com/ . [Accessed: 15-Jan-2019].

[5] K. Sultan, U. Ruhi, and R. Lakhani, “Conceptualizing Blockchains: Characteristics and Applications," in 11th IADIS International Conference on Information Systems, pp. 49{57, 2018.

[6] Blockchain Distributed Ledger Market Size by Type, End-User," Allied Market Research Report, 2017. [Online]. Available: https://www.alliedmarketresearch.com/blockchaindistributed-ledger-market. [Accessed: 14-Nov-2018].

[7] S. Nakamoto, \Bitcoin: A Peer-to-Peer Electronic Cash System." [Online]. Available: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.221.9986. [Accessed: 08-Nov-2018].

[8] A. Reyna, C. Martin, J. Chen, E. Soler, and M. Diaz, “On blockchain and its integration with IoT. Challenges and opportunities," Future Generation Computer Systems, vol. 88, pp. 173-190, 2018.

[9] M. Tanriverdi and A. Tekerek, “Implementation of Blockchain Based Distributed Web Attack Detection Application," in 1st International Informatics and Software Engineering Conference: Innovative Technologies for Digital Transformation, IISEC 2019 - Proceedings, 2019.

[10] J. L. Zhao, S. Fan, and J. Yan, “Overview of business innovations and research opportunities in blockchain and introduction to the special issue," Financial Innovation, vol. 2, no. 1-28, 2016.

[11] V. Gatteschi, F. Lamberti, C. Demartini, C. Pranteda, and V. Santamaria, “To Blockchain or Not to Blockchain: That Is the Question," IT Prof., vol. 20, no. 2, pp. 62-74, Mar. 2018.

[12] MultiChain data streams | MultiChain." [Online]. Available: https://www.multichain.com/developers/data-streams/. [Accessed: 10-Mar-2020].

[13] J. Zhang, X. Tan, X. Wang, A. Yan, and Z. Qin, “T2FA: Transparent Two-Factor Authentication," IEEE Access, vol. 6, pp. 32677-32686, Jun. 2018.

[14] B. S. Archana, A. Chandrashekar, A. G. Bangi, B. M. Sanjana, and S. Akram, “Survey on usable and secure two-factor authentication," in RTEICT 2017 - 2nd IEEE International Conference on Recent Trends in Electronics, Information and Communication Technology, Proceedings, vol. 2018-January, pp. 842-846, 2017.

[15] Google 2FA." [Online]. Available: https://www.google.com/landing/2step/. [Accessed: 05-Mar2020].

[16] LastPass - LastPass Authenticator." [Online]. Available:https://lastpass.com/auth/. [Accessed: 05-Mar-2020].

[17] S. Wang, R. Pei, and Y. Zhang, “EIDM: A Ethereum-Based Cloud User Identity Management Protocol," IEEE Access, vol. 7, pp. 115281-115291, Aug. 2019.

[18] W. Jiang, H. Li, G. Xu, M. Wen, G. Dong, and X. Lin, “PTAS: Privacy- preserving Thin-client Authentication Scheme in blockchain-based PKI," Future Generation Computer Systems, vol. 96, pp. 185-195, Jul. 2019.

[19] C. Fromknecht and S. Yakoubov, “CertCoin: A NameCoin Based Decentralized Authentication System 6.857 Class Project," 2014.

[20] L. Axon and M. Goldsmith, “PB-PKI: A privacy-aware blockchain-based PKI," in ICETE 2017 - Proceedings of the 14th International Joint Conference on e-Business and Telecommunications, vol. 4, pp. 311-318, 2017.

[21] U. Khalid, M. Asim, T. Baker, P. C. K. Hung, M. A. Tariq, and L. Ra_erty, “A decentralized lightweight blockchain-based authentication mechanism for IoT systems," Cluster Computing, pp. 1-21, Feb. 2020.

[22] S. Patel, A. Sahoo, B. K. Mohanta, S. S. Panda, and D. Jena, “DAuth:A Decentralized Web Authentication System using Ethereum based Blockchain," in Proceedings - International Conference on Vision Towards Emerging Trends in Communication and Networking, ViTECoN 2019, 2019.

[23] A. Bakre and N. Patil, “Implementing Decentralized Digital Identity using Blockchain," International Journal of Engineering Technology Science and Research, vol. 4, pp. 379-385, 2017.

[24] H. Arslan and H. Aslan, “Blockchain based single sign-on support for IoT environments," in 27th Signal Processing and Communications Applications Conference, SIU2019, 2019.

[25] Best PHP Projects With Source Code Free Download [ 2020 ] Ideas,Video." [Online]. Available: https://itsourcecode.com/free-projects/php-project/php-projects-source-code-free-downloads/. [Accessed: 30-Mar-2020].

[26] Xamarin | Open-source mobile app platform for .NET." [Online].Available https://dotnet.microsoft.com/apps/xamarin. [Accessed: 01-Apr-2020].