WebAuthn, as part of FIDO2, is a new standard for two-factor and even password-less user authentication to web services. Leading browsers, like Google Chrome, Microsoft Edge, and Mozilla Firefox, support the WebAuthn API. Unfortunately, the availability of hardware authenticators that support FIDO2 authentication is still focused heavily on desktop computers, while for mobile devices, only a limited choice of suitable authenticators is available to users (few roaming authenticators with wireless connectivity and even fewer built-in platform authenticators on mobile devices). This leaves users, in particular users of older device generations that lack platform authenticators and the right connectivity, without a way to authenticate themselves with WebAuthn to web services.
In this poster, we present the idea of simFIDO, a FIDO2 setup using a recently developed simTPM as a (platform) authenticator for mobile devices and even as a roaming authenticator offered by mobile devices to connected computers. The move-ability property of simTPM's key storage makes credential portability between devices easier for users. In particular, a seamless integration of simTPM with non-mobile devices through phones will help to create a kind of universal authentication setup using FIDO2.
Although we present the concrete design and implementation of a SIM card-based FIDO2 authenticator, we hope this poster will contribute to the discussion about how and in which form hardware authenticators can be made available to users.
History
Preferred Citation
Dhiman Chakraborty and Sven Bugiel. simFIDO: FIDO2 User Authentication with simTPM. In: ACM Conference on Computer and Communications Security (CCS). 2019.
Primary Research Area
Secure Connected and Mobile Systems
Name of Conference
ACM Conference on Computer and Communications Security (CCS)
CISPA Affiliation
No
Legacy Posted Date
2019-11-17
Open Access Type
Unknown
Presentation Type
Presentation (no conference)
BibTeX
@inproceedings{cispa_all_2976,
title = "simFIDO: FIDO2 User Authentication with simTPM",
author = "Chakraborty, Dhiman and Bugiel, Sven",
booktitle="{ACM Conference on Computer and Communications Security (CCS)}",
year="2019",
}