CISPA
Browse
usenixsecurity23-yeoh.pdf (1.5 MB)

Fast IDentity Online with Anonymous Credentials (FIDO-AC).

Download (1.5 MB)
conference contribution
posted on 2024-03-19, 14:28 authored by Wei-Zhu Yeoh, Michal Kepkowski, Gunnar HeideGunnar Heide, Dali Kaafar, Lucjan HanzlikLucjan Hanzlik
Web authentication is a critical component of today's Internet and the digital world we interact with. The FIDO2 protocol enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments following the passwordless authentication approach based on cryptography and biometric verification. However, there is little to no connection between the authentication process and users' attributes. More specifically, the FIDO protocol does not specify methods that could be used to combine trusted attributes with the FIDO authentication process generically and allows users to disclose them to the relying party arbitrarily. In essence, applications requiring attributes verification (e.g. age or expiry date of a driver's license, etc.) still rely on ad-hoc approaches, not satisfying the data minimization principle and not allowing the user to vet the disclosed data. A primary recent example is the data breach on Singtel Optus, one of the major telecommunications providers in Australia, where very personal and sensitive data (e.g. passport numbers) were leaked. This paper introduces FIDO-AC, a novel framework that combines the FIDO2 authentication process with the user's digital and non-shareable identity. We show how to instantiate this framework using off-the-shelf FIDO tokens and any electronic identity document, e.g., the ICAO biometric passport (ePassport). We demonstrate the practicality of our approach by evaluating a prototype implementation of the FIDO-AC system.

History

Primary Research Area

  • Algorithmic Foundations and Cryptography

Name of Conference

Usenix Security Symposium (USENIX-Security)

Journal

USENIX Security Symposium

Page Range

3029-3046

BibTeX

@conference{Yeoh:Kepkowski:Heide:Kaafar:Hanzlik:2023, title = "Fast IDentity Online with Anonymous Credentials (FIDO-AC).", author = "Yeoh, Wei-Zhu" AND "Kepkowski, Michal" AND "Heide, Gunnar" AND "Kaafar, Dali" AND "Hanzlik, Lucjan", year = 2023, month = 5, journal = "USENIX Security Symposium", pages = "3029--3046" }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC