Abstract | ||
---|---|---|
The FIDO (Fast Identity Online) Universal Authentication Framework is a new authentication mechanism that replaces passwords, simplifying the process of user authentication. To this end, FIDO transfers user verification tasks from the authentication server to the user's personal device. Therefore, the overall assurance level of user authentication is highly dependent on the security and integrity of the user's device involved. This paper analyses the functionality of FIDO's UAF protocol and identifies a list of critical vulnerabilities that may compromise the authenticity, privacy, availability, and integrity of the UAF protocol, allowing an attacker to launch a number of attacks, such as, capturing the data exchanged between a user and an online service, impersonating a user at any UAF compatible online service, impersonating online services to the user, and presenting fake information to the user's screen during a transaction. |
Year | DOI | Venue |
---|---|---|
2017 | 10.1007/978-3-319-67639-5_11 | Communications in Computer and Information Science |
Keywords | DocType | Volume |
Authentication,FIDO,Security analysis,Trusted computing,TPM,Remote attestation,TrustZone,Mobile and embedded devices | Conference | 766 |
ISSN | Citations | PageRank |
1865-0929 | 0 | 0.34 |
References | Authors | |
0 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Christoforos Panos | 1 | 0 | 0.34 |
stefanos malliaros | 2 | 14 | 1.59 |
Christoforos Ntantogian | 3 | 86 | 13.03 |
Angeliki Panou | 4 | 3 | 1.13 |
Christos Xenakis | 5 | 221 | 28.00 |