Apple, Google and Microsoft have all adopted FIDO2 for biometric authentication. This research was the first provable security analysis of this standard and makes recommendations for improvements, especially to strengthen defense against man-in-the-middle attacks. This type of attack is very hard to implement in the wild, but when this authentication method is used to protect highly valuable information, it is likely that additional authentication methods should be utilized. The article also indicates a potential lock-in when a user accumulates many passwords in an environment tied to one specific vendor. In a separate interview with Fast Company, Sam Srinivas, the product management director at Google and current president of the FIDO Alliance, argues: “The platforms do not want to be in a situation where lock-in is a long-term inhibitor for this change in the world, because this is hardly the intent,” he says. “The intent is to make the internet safer.”
“FIDO2 is a passwordless digital ID authentication standard based on public key cryptography that aims for a more secure and easy-to-use online authentication with possession credentials like biometrics. It has seen rapid adoption by popular web browsers, the Android operating system, and various biometric authentication systems like Windows Hello and Keyless.
The researchers write in the paper that there is a lack of analysis on the cryptographic provable security approach to the FIDO2 protocols or the CTAP2, and there are limited results on WebAuthn research. By performing a modular cryptographic analysis of the authentication properties guaranteed by FIDO2 using the provable security approach, the research team sought to uncover vulnerabilities and recommendations to bolster the security of FIDO2.
While WebAuthn’s provable security could be proven, the same could not be said of CTAP2. The team found that CTAP2’s “pinToken” generation at login could be a security vulnerability as it was repeated for subsequent communication, which could compromise security as a whole. It also used an unauthenticated Diffie-Hellman cryptographic key exchange that leaves it vulnerable to man-in-the-middle attacks.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group