The FIDO2 protocol is a globally used standard for passwordless authentication, building on an alliance between major players in the online authentication space. While already widely deployed, the standard is still under active development. Since version 2.1 of its CTAP sub-protocol, FIDO2 can potentially be instantiated with post-quantum secure primitives.
We provide the first formal security analysis of FIDO2 with the CTAP 2.1 and WebAuthn 2 sub-protocols. Our security models build on work by Barbosa et al. for their analysis of FIDO2 with CTAP 2.0 and WebAuthn 1, which we extend in several ways. First, we provide a more fine-grained security model that allows us to prove more relevant protocol properties, such as guarantees about token binding agreement, the None attestation mode, and user verification. Second, we can prove post-quantum security for FIDO2 under certain conditions and minor protocol extensions. Finally, we show that for some threat models, the downgrade resilience of FIDO2 can be improved, and show how to achieve this with a simple modification.
History
Preferred Citation
Nina Bindel, Cas Cremers and Mang Zhao. FIDO2, CTAP 2.1, and WebAuthn 2: Provable Security and Post-Quantum Instantiation. In: IEEE Symposium on Security and Privacy (S&P). 2023.
Primary Research Area
Reliable Security Guarantees
Name of Conference
IEEE Symposium on Security and Privacy (S&P)
Legacy Posted Date
2022-10-17
Open Access Type
Green
BibTeX
@inproceedings{cispa_all_3861,
title = "FIDO2, CTAP 2.1, and WebAuthn 2: Provable Security and Post-Quantum Instantiation",
author = "Bindel, Nina and Cremers, Cas and Zhao, Mang",
booktitle="{IEEE Symposium on Security and Privacy (S&P)}",
year="2023",
}