Emulating U2F authenticator devices

Florian Reimair; Christian Paul Kollmann; Alexander Marsalek

doi:10.1109/CNS.2016.7860546

Emulating U2F authenticator devices

Florian Reimair, Christian Paul Kollmann, Alexander Marsalek

Institute of Applied Information Processing and Communications (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Password authentication has been made more secure by adding additional factors. Unfortunately, popular two-factor authentication methods are vulnerable to attacks themselves. Therefore, the FIDO alliance proposed Universal Second Factor (U2F), an open standard aiming for unified interfaces, secure protocols, and hardware-backed tokens for authentication. However, U2F requires the user to purchase and constantly carry yet another distinct device. We propose an enhancement to U2F making it more user friendly. First, we enable the use of existing cryptographic devices a user already carries around (e. g. a bank card or her smartphone). Second, we provide increased token mobility by enabling remote authenticator tokens. Our showcases demonstrate logging into a web application as well as logging into Microsoft's Windows 10 with a cryptographic smart card via card reader or NFC, Austria's eID, a smartphone, a cloud key service, and a remote U2F token. Our evaluations indicate that our approach is more usable and easier to deploy than stock U2F while it keeps its security features intact. Only a few additional risks are induced by the underlying cryptographic devices. All in all, we believe that our enhancements can push acceptance of U2F even further and thus, make everyone benefit from state-of-the-art authentication.

Original language	English
Title of host publication	2016 IEEE Conference on Communications and Network Security (CNS 2016)
Pages	543 - 551
Number of pages	9
ISBN (Electronic)	978-1-5090-3065-1
DOIs	https://doi.org/10.1109/CNS.2016.7860546
Publication status	Published - Feb 2017
Event	2016 IEEE Conference on Communications and Network Security: IEEE CNS 2016 - Philadelphia, United States Duration: 17 Oct 2016 → 19 Oct 2016

Conference

Conference	2016 IEEE Conference on Communications and Network Security
Country/Territory	United States
City	Philadelphia
Period	17/10/16 → 19/10/16

Keywords

U2F
emulation
two-factor authentication
security modules

Access to Document

10.1109/CNS.2016.7860546

A-SIT - Secure Information Technology Center Austria
Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.
21/05/99 → 6/08/20
Project: Research area

Cite this

@inproceedings{00f8e8905cac47db97153bb1c8002b9d,

title = "Emulating U2F authenticator devices",

abstract = "Password authentication has been made more secure by adding additional factors. Unfortunately, popular two-factor authentication methods are vulnerable to attacks themselves. Therefore, the FIDO alliance proposed Universal Second Factor (U2F), an open standard aiming for unified interfaces, secure protocols, and hardware-backed tokens for authentication. However, U2F requires the user to purchase and constantly carry yet another distinct device. We propose an enhancement to U2F making it more user friendly. First, we enable the use of existing cryptographic devices a user already carries around (e. g. a bank card or her smartphone). Second, we provide increased token mobility by enabling remote authenticator tokens. Our showcases demonstrate logging into a web application as well as logging into Microsoft's Windows 10 with a cryptographic smart card via card reader or NFC, Austria's eID, a smartphone, a cloud key service, and a remote U2F token. Our evaluations indicate that our approach is more usable and easier to deploy than stock U2F while it keeps its security features intact. Only a few additional risks are induced by the underlying cryptographic devices. All in all, we believe that our enhancements can push acceptance of U2F even further and thus, make everyone benefit from state-of-the-art authentication.",

keywords = "U2F, emulation, two-factor authentication, security modules",

author = "Florian Reimair and Kollmann, {Christian Paul} and Alexander Marsalek",

year = "2017",

month = feb,

doi = "10.1109/CNS.2016.7860546",

language = "English",

pages = "543 -- 551",

booktitle = "2016 IEEE Conference on Communications and Network Security (CNS 2016)",

note = "2016 IEEE Conference on Communications and Network Security : IEEE CNS 2016 ; Conference date: 17-10-2016 Through 19-10-2016",

}

TY - GEN

T1 - Emulating U2F authenticator devices

AU - Reimair, Florian

AU - Kollmann, Christian Paul

AU - Marsalek, Alexander

PY - 2017/2

Y1 - 2017/2

N2 - Password authentication has been made more secure by adding additional factors. Unfortunately, popular two-factor authentication methods are vulnerable to attacks themselves. Therefore, the FIDO alliance proposed Universal Second Factor (U2F), an open standard aiming for unified interfaces, secure protocols, and hardware-backed tokens for authentication. However, U2F requires the user to purchase and constantly carry yet another distinct device. We propose an enhancement to U2F making it more user friendly. First, we enable the use of existing cryptographic devices a user already carries around (e. g. a bank card or her smartphone). Second, we provide increased token mobility by enabling remote authenticator tokens. Our showcases demonstrate logging into a web application as well as logging into Microsoft's Windows 10 with a cryptographic smart card via card reader or NFC, Austria's eID, a smartphone, a cloud key service, and a remote U2F token. Our evaluations indicate that our approach is more usable and easier to deploy than stock U2F while it keeps its security features intact. Only a few additional risks are induced by the underlying cryptographic devices. All in all, we believe that our enhancements can push acceptance of U2F even further and thus, make everyone benefit from state-of-the-art authentication.

AB - Password authentication has been made more secure by adding additional factors. Unfortunately, popular two-factor authentication methods are vulnerable to attacks themselves. Therefore, the FIDO alliance proposed Universal Second Factor (U2F), an open standard aiming for unified interfaces, secure protocols, and hardware-backed tokens for authentication. However, U2F requires the user to purchase and constantly carry yet another distinct device. We propose an enhancement to U2F making it more user friendly. First, we enable the use of existing cryptographic devices a user already carries around (e. g. a bank card or her smartphone). Second, we provide increased token mobility by enabling remote authenticator tokens. Our showcases demonstrate logging into a web application as well as logging into Microsoft's Windows 10 with a cryptographic smart card via card reader or NFC, Austria's eID, a smartphone, a cloud key service, and a remote U2F token. Our evaluations indicate that our approach is more usable and easier to deploy than stock U2F while it keeps its security features intact. Only a few additional risks are induced by the underlying cryptographic devices. All in all, we believe that our enhancements can push acceptance of U2F even further and thus, make everyone benefit from state-of-the-art authentication.

KW - U2F

KW - emulation

KW - two-factor authentication

KW - security modules

U2 - 10.1109/CNS.2016.7860546

DO - 10.1109/CNS.2016.7860546

M3 - Conference paper

SP - 543

EP - 551

BT - 2016 IEEE Conference on Communications and Network Security (CNS 2016)

T2 - 2016 IEEE Conference on Communications and Network Security

Y2 - 17 October 2016 through 19 October 2016

ER -

Emulating U2F authenticator devices

Abstract

Conference

Keywords

Access to Document

Fingerprint

Projects

A-SIT - Secure Information Technology Center Austria

Cite this