On Making U2F Protocol Leakage-Resilient via Re-keying

Donghoon Chang, Sweta Mishra, Somitra Kumar Sanadhya, and Ajit Pratap Singh

Abstract

The Universal 2nd Factor (U2F) protocol is an open authentication standard to strengthen the two-factor authentication process. It augments the existing password-based infrastructure by using a specialized USB device, termed the U2F authenticator, as the 2nd factor. The U2F authenticator is assigned two fixed keys at the time of manufacture, namely the device secret key and the attestation private key. These secret keys are later used by the U2F authenticator during the Registration phase to encrypt and digitally sign data that will help in proper validation of the user and the web server. However, the use of fixed keys for the above processing leaks information about both secrets through side channels. In this work we show why the U2F protocol is not secure against side channel attacks (SCA). We then present a countermeasure for the SCA based on a re-keying technique to prevent the repeated use of the device secret key for encryption and signing. We also recommend a modification in the existing U2F protocol to minimise the effect of signing with the fixed attestation private key. Incorporating our proposed countermeasure and recommended modification, we then present a new variant of the U2F protocol that has improved security guarantees. We also briefly explain how the side channel attacks on the U2F protocol and the corresponding proposed countermeasures are similarly applicable to the Universal Authentication Framework (UAF) protocol.

Note: There are a few editorial changes in the current version of the paper.

Publication info: Preprint. MINOR revision.
Contact author(s): swetam @ iiitd ac in
History: 2017-08-08: revised
Short URL: https://ia.cr/2017/721

CC BY

BibTeX

@misc{cryptoeprint:2017/721,
author = {Donghoon Chang and Sweta Mishra and Somitra Kumar Sanadhya and Ajit Pratap Singh},
title = {On Making U2F Protocol Leakage-Resilient via Re-keying},
howpublished = {Cryptology ePrint Archive, Paper 2017/721},
year = {2017},
note = {\url{https://eprint.iacr.org/2017/721}},
url = {https://eprint.iacr.org/2017/721}
}
