| fullrecord |
[{"key": "dc.contributor.advisor", "value": "Riekkinen, Janne", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Hyttinen, Tuomas", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2023-07-04T05:59:44Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2023-07-04T05:59:44Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2023", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/88202", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Salasanapohjainen tunnistautuminen on s\u00e4ilytt\u00e4nyt asemansa yleisimp\u00e4n\u00e4 tunnistautumismenetelm\u00e4n\u00e4 jo vuosikymmenien ajan. Uusi salasanaton tunnistautumisstandardi FIDO2 on osoittautunut salasanapohjaisen tunnistautumisen potentiaalisimmaksi syrj\u00e4ytt\u00e4j\u00e4ksi, jolla on my\u00f6s edellytyksi\u00e4 levit\u00e4 laajasti kuluttajak\u00e4ytt\u00f6\u00f6n. T\u00e4m\u00e4n kirjallisuuskatsauksen tarkoituksena on selvitt\u00e4\u00e4 salasanapohjaisen tunnistautumisen parhaita k\u00e4yt\u00e4nt\u00f6j\u00e4 ja erityisesti sen toteuttamiseen liittyvi\u00e4 toimenpiteit\u00e4. Toisena tavoitteena on tutkia mahdollisia FIDO2:n tarjoamia parannuksia n\u00e4ihin havaittuihin l\u00f6yd\u00f6ksiin.\nTutkimus aloitettiin ker\u00e4\u00e4m\u00e4ll\u00e4 ja validoimalla aineisto tutkimuskysymysten perusteella. L\u00e4hteiden laadun varmistamiseksi luotiin l\u00e4hdematriisi. Lopulliseen aineistoon valittiin 26 vertaisarvioitua tieteellist\u00e4 julkaisua, sek\u00e4 paljon standardin kehitt\u00e4jien aineistoa. Tutkimuksen suurimmat ongelmat liittyiv\u00e4t suhteellisen v\u00e4h\u00e4iseen ja uuteen FIDO2-standardin tutkimukseen.\nTutkimuksen tulokset osoittavat, ett\u00e4 ohjelmistokehitt\u00e4jill\u00e4 tulee olla laaja tiet\u00e4mys useista eri menettelytavoista salasanapohjaisien ratkaisujen toteutuksessa. Tiedeyhteis\u00f6 on havainnut puutteita kehitt\u00e4jien tiedoissa ja taidoissa k\u00e4ytett\u00e4ess\u00e4 salausrajapintoja salasanojen tallentamiseen. My\u00f6s salasanojen luomista ohjaavien toimenpiteiden toteutus on havaittu puutteellisiksi yleisesti web-palveluissa. FIDO2:n on todettu parantavan salasanapohjaisissa kirjautumismenetelmiss\u00e4 havaittuja puutteita, erityisesti tietovuotoja ja tietojenkalasteluhy\u00f6kk\u00e4yksi\u00e4 vastaan, poistamalla tarpeen tallentaa salasanoja web-palveluntarjoajien palvelimille. Standardi on todettu tietoturvaltaan paremmaksi ratkaisuksi, kuin mik\u00e4\u00e4n muu tunnistautumismenetelm\u00e4 t\u00e4h\u00e4n asti. Menetelm\u00e4n toteuttamiseen liittyy kuitenkin API-rajapintojen k\u00e4ytt\u00e4misen suhteen samoja haasteita kuin salasanapohjaisilla tunnistautumismenetelmill\u00e4. Toteutusmenetelmiin, dokumentaatioon ja kehitt\u00e4jien koulutusmateriaaliin tulee kiinnitt\u00e4\u00e4 huomiota, jotta salasanapohjaisien menetelmien toteutuksissa tunnistetut virheet eiv\u00e4t toistuisi tulevaisuuden FIDO2 implementoinneissa.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Miia Hakanen (mihakane@jyu.fi) on 2023-07-04T05:59:44Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2023-07-04T05:59:44Z (GMT). No. of bitstreams: 0\n Previous issue date: 2023", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "36", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "FIDO2", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "tunnistautuminen", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "FIDO2 suhteessa salasanapohjaisen tunnistautumisen ongelmiin webpalveluissa", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "bachelor thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202307044344", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Bachelor's thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Kandidaatinty\u00f6", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietoj\u00e4rjestelm\u00e4tiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Information Systems Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_7a1f", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "bachelorThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "salasanat", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
|