CISPA

FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs

conference contribution
posted on 2023-11-29, 18:23 authored by Fabian Schwarz, Khue Do, Gunnar Heide, Lucjan Hanzlik, Christian Rossow
Two-factor authentication (2FA) mitigates the security risks of passwords as the sole authentication factor. FIDO2---the de facto standard for interoperable web authentication---leverages strong, hardware-backed second factors. However, practical challenges hinder wider FIDO2 user adoption for 2FA tokens, such as the extra costs ($20-$30 per token) or the risk of inaccessible accounts upon token loss/theft. To tackle the above challenges, we propose FeIDo, a virtual FIDO2 token that combines the security and interoperability of FIDO2 2FA authentication with the prevalence of existing eIDs (e.g., electronic passports). Our core idea is to derive FIDO2 credentials from personally identifying and verifiable attributes---name, date of birth, and place of birth---that we obtain from the user's eID. As these attributes do not change even for refreshed eID documents, the credentials "survive" token loss. Even though FeIDo operates on privacy-critical data, all personal data and resulting FIDO2 credentials stay unlinkable, are never leaked to third parties, and are securely managed in attestable hardware containers (e.g., SGX enclaves). In contrast to existing FIDO2 tokens, FeIDo can also derive and share verifiable meta attributes (anonymous credentials) with web services. These enable verified but pseudonymous user checks, e.g., for age verification (e.g., "is adult").

History

Preferred Citation

Fabian Schwarz, Khue Do, Gunnar Heide, Lucjan Hanzlik and Christian Rossow. FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs. In: ACM Conference on Computer and Communications Security (CCS). 2023.

Primary Research Area

  • Secure Connected and Mobile Systems

Name of Conference

ACM Conference on Computer and Communications Security (CCS)

Legacy Posted Date

2023-01-23

Page Range

2581–2594

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_3894,
  title     = "FeIDo: Recoverable FIDO2 Tokens Using Electronic IDs",
  author    = "Schwarz, Fabian and Do, Khue and Heide, Gunnar and Hanzlik, Lucjan and Rossow, Christian",
  booktitle = "{ACM Conference on Computer and Communications Security (CCS)}",
  year      = "2023",
}
