FIDO2, CTAP 2.1, and WebAuthn 2: Provable Security and Post-Quantum Instantiation

conference contribution
posted on 2023-11-29, 18:24 authored by Nina Bindel, Cas Cremers, Mang Zhao
The FIDO2 protocol is a globally used standard for passwordless authentication, building on an alliance between major players in the online authentication space. While already widely deployed, the standard is still under active development. Since version 2.1 of its CTAP sub-protocol, FIDO2 can potentially be instantiated with post-quantum secure primitives. We provide the first formal security analysis of FIDO2 with the CTAP 2.1 and WebAuthn 2 sub-protocols. Our security models build on work by Barbosa et al. for their analysis of FIDO2 with CTAP 2.0 and WebAuthn 1, which we extend in several ways. First, we provide a more fine-grained security model that allows us to prove more relevant protocol properties, such as guarantees about token binding agreement, the None attestation mode, and user verification. Second, we can prove post-quantum security for FIDO2 under certain conditions and minor protocol extensions. Finally, we show that for some threat models, the downgrade resilience of FIDO2 can be improved, and show how to achieve this with a simple modification.

History

Preferred Citation

Nina Bindel, Cas Cremers and Mang Zhao. FIDO2, CTAP 2.1, and WebAuthn 2: Provable Security and Post-Quantum Instantiation. In: IEEE Symposium on Security and Privacy (S&P). 2023.

Primary Research Area

  • Reliable Security Guarantees

Name of Conference

IEEE Symposium on Security and Privacy (S&P)

Legacy Posted Date

2022-10-17

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3861,
  title = "FIDO2, CTAP 2.1, and WebAuthn 2: Provable Security and Post-Quantum Instantiation",
  author = "Bindel, Nina and Cremers, Cas and Zhao, Mang",
  booktitle = "{IEEE Symposium on Security and Privacy (S&P)}",
  year = "2023",
}
