1. ELARTU — Інституційний репозитарій ТНТУ імені Івана Пулюя
  2. Роботи студентів
  3. Магістр
  4. 126 — інформаційні системи та технології
Please use this identifier to cite or link to this item: http://elartu.tntu.edu.ua/handle/lib/51446
Title: Design and Modeling of Passwordless Authentication Architectures in Compliance with Industry-Standard Security Frameworks
Authors: Akinyemi, Victor Oluwaseyi
Affiliation: ТНТУ ім. І. Пулюя, Факультет комп’ютерно-інформаційних систем і програмної інженерії, Кафедра комп’ютерних наук, м. Тернопіль, Україна
Bibliographic description (Ukraine): Akinyemi V. O. Design and Modeling of Passwordless Authentication Architectures in Compliance with Industry-Standard Security Frameworks : Master’s qualification thesis in specialty 126 Information Systems and Technologies / supervisor O. Holotenko. — Ternopil : Ternopil Ivan Puluj National Technical University, 2025. — 95 p.
Bibliographic reference (2015): Akinyemi V. O. Design and Modeling of Passwordless Authentication Architectures in Compliance with Industry-Standard Security Frameworks: Master’s qualification thesis in specialty 126 Information Systems and Technologies / supervisor O. Holotenko. Ternopil: Ternopil Ivan Puluj National Technical University, 2025. 95 p.
Issue Date: 26-Jan-2026
Submitted date: 12-Jan-2026
Date of entry: 28-Jan-2026
Publisher: ТНТУ ім. І.Пулюя, ФІС, м. Тернопіль, Україна
Country (code): UA
Place of the edition/event: Тернопіль
Supervisor: Голотенко, Олександр Сергійович
Holotenko, Olexander
Committee members: Тиш, Євгенія Володимирівна
UDC: 004.056.52:004.7
Keywords: 126
інформаційні системи та технології
автентифікація
безпарольний доступ
інформаційна безпека
кібербезпека
моделювання архітектури
стандарти безпеки
біометрія
authentication
biometrics
fido2
passwordless
security frameworks
webauthn
Page range: 95
Abstract: The qualification work is dedicated to the research and development of architectural solutions for implementing passwordless authentication. The first chapter analyzes the vulnerabilities of traditional password-based access systems and examines current cybersecurity threats. The second chapter focuses on studying industry standards such as FIDO2 and WebAuthn, as well as modeling interaction processes between the user, authenticator, and server. The third chapter proposes an architectural model that ensures a high level of security and user convenience by integrating biometric methods. The performed modeling confirmed the system's resistance to man-in-the-middle (MITM) and phishing attacks. The work also includes an analysis of life safety aspects and an economic justification for the transition to passwordless technologies
Description: Роботу виконано на кафедрі комп'ютерних наук Тернопільського національного технічного університету імені Івана Пулюя. Захист відбудеться 26.01.2026р. на засіданні екзаменаційної комісії №37 у Тернопільському національному технічному університеті імені Івана Пулюя
Content: INTRODUCTION 1 THEORETICAL ANALYSIS OF AUTHENTICATION SYSTEMS 1.1 Evolution of authentication methods and password limitations 1.2 Modern cybersecurity threat landscape 1.3 Review of current passwordless technologies 2 MODELING PASSWORDLESS AUTHENTICATION ARCHITECTURES 2.1 FIDO2 and WebAuthn frameworks overview 2.2 Modeling system interaction workflows 2.3 Integration of biometric verification factors 3 IMPLEMENTATION AND SECURITY ANALYSIS 3.1 Proposed architecture design for enterprise systems 3.2 Resistance to common cyberattacks 3.3 Usability and deployment considerations 4 ECONOMIC JUSTIFICATION OF THE PROJECT 5 OCCUPATIONAL HEALTH AND SAFETY IN EMERGENCY SITUATIONS CONCLUSIONS REFERENCES
URI: http://elartu.tntu.edu.ua/handle/lib/51446
Copyright owner: © Akinyemi Victor Oluwaseyi, 2026
References (Ukraine): 1. America's Password Habits | Security.org. Security.org. URL: https://www.security.org/resources/online-password-strategies/ (accessed: 03.10.2024).
2. Das S., Phelan L. A., Hoyos-Rivera J. A. Password Managers Usage and Trust: A US Study of User Behavior, Preferences, and Perceptions. ACM Transactions on Privacy and Security. Vol. 24, no. 3, article 16, July 2021. URL: https://doi.org/10.1145/3447564 (date of access: 09.10.2024).
3. Saul Johnson, Jo˜ao F. Ferreira, Alexandra Mendes, and Julien Cordry. “Skeptic: Automatic, justified and privacy-preserving password composition policy selection”. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS '20), October 2020
4. What is WebAuthn? Authentication standard. Wallarm | Integrated App and API Security Platform. URL: https://www.wallarm.com/what/webauthn-web- authentication (accessed: 05.10.2024)
5. Gordin, A. Graur, S. Vlad and C. I. Adomniței, "Moving forward passwordless authentication: challenges and implementations for the private cloud," 20th RoEduNet Conference: Networking in Education and Research (RoEduNet), 2021, pp. 1-5, doi: 10.1109/RoEduNet54112.2021.9638271 (date of access: 09.10.2024)
6. Decoding How WebAuthn Works. FusionAuth. URL: https://fusionauth.io/articles/authentication/webauthn (accessed: 05.10.2024)
7. What is the Passkey and how it works? Simple explanation | Hideez. Passwordless Workforce Identity Solutions | Hideez. URL: https://hideez.com/uk-ua/blogs/news/what-is-a-passkey (accessed: 25.11.2024)
8. Rolfe B. Synced vs Device-Bound Passkeys: How User Convenience and Authentication Experiences Vary. Authsignal - Drop-in Passkeys & Passwordless Authentication. URL: https://www.authsignal.com/blog/articles/synced-vs-device-bound-passkeys-convenience-and-authentication-experiences (date of access: 25.11.2024)
9. Device-Bound vs. Synced Passkeys (SCA & Passkeys I). Corbado - Add passkeys to any new or existing app. URL: https://corbado.com/blog/device-bound-synced-passkeys (date of access: 25.11.2024)
10. HYPR. What is a FIDO Platform Authenticator? | Security Encyclopedia. HYPR: Identity Security & Passwordless Authentication Solution. URL: https://www.hypr.com/security-encyclopedia/platform-authenticator (date of access: 25.11.2024)
11. Platform vs Cross-Platform. Yubico Developers. URL: https://developers.yubico.com/WebAuthn/WebAuthn_Developer_Guide/Platform_vs_Cross-Platform.html (date of access: 25.11.2024)
12. NIST SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations. Independently Published, 2022, 462 p
13. Blokdyk G. Passwordless Authentication, Second Edition. 5STARCooks, 2021. pp. 80-93
14. Passwordless Authentication Methods - Wise IT Ukraine. Wise IT Ukraine. URL: https://wiseit.com.ua/metody-autentyfikacziyi-bez-parolya-vid-fudo/ (accessed: 30.09.2024)
15. A Study on Passwordless Authentication Technology and Its Effects. The International Journal of Reliable Information and Assurance. 2018. Vol. 6, no. 1. URL: https://doi.org/10.21742/ijria.2018.6.1.03 (date of access: 19.11.2024)
16. Passwordless Magic Links vs. Certificates for Secure Access. SecureW2. URL: https://www.securew2.com/blog/passwordless-magic-link-authentication-explained (date of access: 25.11.2024)
17. Java: Basic Principles and Benefits of Use. www.mathros.net.ua - Website for Computer Science Students. URL: https://www.mathros.net.ua/basic-principles-of-java-programming.html (accessed: 25.11.2024)
18. Java: The Complete Reference, Thirteenth Edition. McGraw-Hill Education, 2023
19. Horstmann C. S. Core Java, Volume II--Advanced Features (11th Edition). Prentice Hall, 2019. pp. 26-28
20. Scarioni C., Nardone M. Pro Spring Security: Securing Spring Framework 5 and Boot 2-based Java Applications. Apress, 2019. 428 p
21. Spring Boot. Spring Boot. URL: https://spring.io/projects/spring-boot (date of access: 25.11.2024)
22. Spring Data. Spring Data. URL: https://spring.io/projects/spring-data (date of access: 25.11.2024)
23. Macero García M., Telang T. Learn Microservices with Spring Boot 3. 3rd ed. Berkeley, CA : Apress, 2023. pp. 11-18
24. Yubico Developers. Yubico Developers. URL: https://developers.yubico.com/ (date of access: 25.11.2024)
25. Tudose C. Java Persistence with Spring Data and Hibernate. Manning, 2022. 625 p
26. Hibernate. Everything data. Hibernate. URL: https://hibernate.org/ (date of access: 25.11.2024)
27. Apache Maven Series | Baeldung. Baeldung. URL: https://www.baeldung.com/maven-series (accessed: 11.10.2024)
28. Gaba I. What is Maven: Here's What You Need to Know [Updated]. Simplilearn.com. URL: https://www.simplilearn.com/tutorials/maven-tutorial/what-is-maven (date of access: 25.11.2024)
29. What Is PostgreSQL?. Kinsta®. URL: https://kinsta.com/knowledgebase/what-is-postgresql/#what-is-postgresql (date of access: 29.09.2024)
30. Schönig H.-J. Mastering PostgreSQL 12: Advanced Techniques to Build and Administer Scalable and Reliable PostgreSQL Database Applications, 3rd Edition. Packt Publishing, Limited, 2019
31. Mastering PostgreSQL 15: Advanced techniques to build and manage scalable, reliable, and fault-tolerant database applications, 5th Edition. Packt Publishing, 2023. 522 p
32. Blog H. H. T. Passwordless Authentication With Passkey: How It Works and Why It Matters – Part 1. Medium. URL: https://medium.com/@heritage.tech/passwordless-authentication-with-passkey-how-it-works-and-why-it-matters-part-1-dcae2a004988 (date of access: 29.09.2024)
33. Web client definition Glossary. NordVPN. URL: https://nordvpn.com/uk/cybersecurity/glossary/web-client/ (date of access: 09.10.2024)
34. HYPR. What is a FIDO Relying Party (RP)? | Security Encyclopedia. Identity Security & Passwordless Authentication Solution | HYPR. URL: https://www.hypr.com/security-encyclopedia/relying-party-rp (date of access: 05.10.2024)
35. Is FIDO2 the Kingslayer of User Authentication? A Comparative Usability Study of FIDO2 Passwordless Authentication / S. Ghorbani Lyastani et al. 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 18–21 May 2020. 2020. URL: https://doi.org/10.1109/sp40000.2020.00047 (date of access: 19.11.2024)
36. Biometrics, FIDO, and More: A Guide to Passwordless Authentication Methods. BIO-key Blog. URL: https://blog.bio-key.com/biometrics-fido-and-more-a-guide-to-passwordless-authentication-methods (accessed: 09.10.2024)
37. What is a relational database?. Oracle | Cloud Applications and Cloud Platform. URL: https://www.oracle.com/database/what-is-a-relational-database/ (date of access: 09.10.2024)
38. Does my browser support WebAuthn?. Does my browser support WebAuthn?. URL: https://webauthn.me/browser-support (date of access: 25.11.2024)
39. Rasmussen B. A Usability Study of FIDO2 Roaming Software Tokens as a Password Replacement. 2021. URL: https://scholarsarchive.byu.edu/etd/9227 (date of access: 19.11.2024)
40. What is Passwordless Authentication and How Does It Work?. LoginTC. URL: https://www.logintc.com/types-of-authentication/passwordless-authentication/ (date of access: 09.10.2024)
Content type: Master Thesis
Appears in Collections:126 — інформаційні системи та технології

Files in This Item:
File Description SizeFormat 
KRM_2026_ISTm-62_Akinyemi_VO.pdfДипломна робота2,01 MBAdobe PDFView/Open
Show full item record


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

Admin Tools