A group of researchers supported in part by the U.S. National Science Foundation say they have identified a design flaw in the FIDO authentication system without a password.
His work, Provable Security Analysis of FIDO2, was published last week in the Crypology ePrint Archive of the International Association for Cryptological Research.
The FIDO alliance was launched in 2013 by a group of technology providers and services, including PayPal; now has Microsoft, Google, Apple and Facebook among its members.
In February 2016, the World Wide Web Consortium (W3C) began work to standardize FIDO 2.0.
Passwordless logins are based on two key protocols: W3C WebAuthn and Authenticator Client Protocol (CTAP2).
The WebAuthn part of a FIDO-compliant login uses a trusted authentication device (smartphone or security token) to set a private key for a communication session; while CTAP2 binds a trusted client to the authenticator.
“Broadly, [CTAP2’s] The security goal is to “link” a trusted client with the configuration authenticator by requiring the user to provide the correct PIN, so that the authenticator only accepts authorized orders sent from a “linked” client. , said the document.
However, the CTAP2 approach is not “certainly demonstrable” (a formal term meaning that the protocol or product can be mathematically proven to be safe).
In their analysis, the researchers cite two aspects of CTAP2 that open up possible attack vectors.
Most importantly, it uses an unauthenticated Diffie-Hellman key exchange.
This opens the door to two types of attack, the document says: a simple MITM attack, which gives the attacker access to security keys and therefore to the user’s communications; or the attacker may impersonate a client with the authenticator.
The other flaw is that the smartphone or computer that uses FIDO2 to log in generates a single “pinToken” at startup.
This pinToken is then used for all subsequent communications, which means that security is lost if any of these sessions are compromised.
The document suggests replacing the CTAP2 part of the FIDO exchange with another scheme to eliminate these problems.
The probable security analysis of FIDO2 is the work of Manuel Barbosa, of the University of Porto (FCUP) and the INESC TEC in Portugal; Alexandra Boldyreva of the U.S. Georgia Institute of Technology; Shan Chen of Darmstadt Technische University of Germany; and Bogdan Warinschi of the University of Bristol.