Paper 2020/756

Provable Security Analysis of FIDO2

Manuel Barbosa
Alexandra Boldyreva
Shan Chen
Bogdan Warinschi
Abstract

We carry out the first provable security analysis of the new FIDO2 protocols, the FIDO Alliance's promising proposal for a standard for passwordless user authentication. Our analysis covers the core components of FIDO2: the W3C’s Web Authentication (WebAuthn) specification and the new Client-to-Authenticator Protocol (CTAP2). Our analysis is modular. For WebAuthn and CTAP2, in turn, we propose appropriate security models that aim to capture their intended security goals and use the models to analyze their security. First, our proof confirms the authentication security of WebAuthn. Then, we show CTAP2 can only be proved secure in a weak sense; meanwhile, we identify a series of its design flaws and provide suggestions for improvement. To withstand stronger yet realistic adversaries, we propose a generic protocol called sPACA and prove its strong security; with proper instantiations, sPACA is also more efficient than CTAP2. Finally, we analyze the overall security guarantees provided by FIDO2 and WebAuthn+sPACA based on the security of their components. We expect that our models and provable security results will help clarify the security guarantees of the FIDO2 protocols. In addition, we advocate the adoption of our sPACA protocol as a substitute for CTAP2 for both stronger security and better performance.

Note: proofs corrected and composed model revised

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in CRYPTO 2021
Keywords
applied cryptography provable security authentication FIDO2 CTAP2 WebAuthn
Contact author(s)
dragoncs16 @ gmail com
History
2022-05-26: last of 5 revisions
2020-06-21: received
Short URL
https://ia.cr/2020/756
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/756,
      author = {Manuel Barbosa and Alexandra Boldyreva and Shan Chen and Bogdan Warinschi},
      title = {Provable Security Analysis of FIDO2},
      howpublished = {Cryptology ePrint Archive, Paper 2020/756},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/756}},
      url = {https://eprint.iacr.org/2020/756}
}