TU Darmstadt / ULB / TUbiblio

Future-Proof Web Authentication: Bring Your Own FIDO2 Extensions

Putz, Florentin ; Schön, Steffen ; Hollick, Matthias (2021)
Future-Proof Web Authentication: Bring Your Own FIDO2 Extensions.
4th International Workshop on Emerging Technologies for Authorization and Authentication. Darmstadt, Germany (08.10.2021-08.10.2021)
doi: 10.1007/978-3-030-93747-8_2
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

The FIDO2 standards for strong authentication on the Internet define an extension interface, which allows them to flexibly adapt to future use cases. The domain of establishing new FIDO2 extensions, however, is currently limited to web browser developers and members of the FIDO alliance. We show how researchers and developers can design and implement their own extensions for using FIDO2 as a well-established and secure foundation to demonstrate innovative authentication concepts or to support custom deployments. Our open-source implementation targets the full FIDO2 stack, such as the Chromium web browser and hardware tokens, to enable tailor-made authentication based on the power of the existing FIDO2 ecosystem. To give an overview of existing extensions, we survey all published FIDO2 extensions by manually inspecting the source code of major web browsers and authenticators. Their current design, however, hinders the implementation of custom extensions, and they only support a limited number of extensions out of the box. We discuss weaknesses of current implementations and identify the lack of extension pass-through as a major limitation in current FIDO2 clients.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2021
Autor(en): Putz, Florentin ; Schön, Steffen ; Hollick, Matthias
Art des Eintrags: Bibliographie
Titel: Future-Proof Web Authentication: Bring Your Own FIDO2 Extensions
Sprache: Englisch
Publikationsjahr: 8 Oktober 2021
Verlag: Springer
Buchtitel: Emerging Technologies for Authorization and Authentication
Reihe: Lecture Notes in Computer Science
Band einer Reihe: 13136
Veranstaltungstitel: 4th International Workshop on Emerging Technologies for Authorization and Authentication
Veranstaltungsort: Darmstadt, Germany
Veranstaltungsdatum: 08.10.2021-08.10.2021
DOI: 10.1007/978-3-030-93747-8_2
URL / URN: https://link.springer.com/chapter/10.1007/978-3-030-93747-8_...
Kurzbeschreibung (Abstract):

The FIDO2 standards for strong authentication on the Internet define an extension interface, which allows them to flexibly adapt to future use cases. The domain of establishing new FIDO2 extensions, however, is currently limited to web browser developers and members of the FIDO alliance. We show how researchers and developers can design and implement their own extensions for using FIDO2 as a well-established and secure foundation to demonstrate innovative authentication concepts or to support custom deployments. Our open-source implementation targets the full FIDO2 stack, such as the Chromium web browser and hardware tokens, to enable tailor-made authentication based on the power of the existing FIDO2 ecosystem. To give an overview of existing extensions, we survey all published FIDO2 extensions by manually inspecting the source code of major web browsers and authenticators. Their current design, however, hinders the implementation of custom extensions, and they only support a limited number of extensions out of the box. We discuss weaknesses of current implementations and identify the lack of extension pass-through as a major limitation in current FIDO2 clients.

Freie Schlagworte: Security, Authentication, Key Management, Hardware Token, Passwordless, WebAuthn, FIDO2, emergenCITY_KOM
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Sichere Mobile Netze
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > emergenCITY
TU-Projekte: HMWK|III L6-519/03/05.001-(0016)|emergenCity TP Bock
Hinterlegungsdatum: 24 Jan 2022 08:54
Letzte Änderung: 04 Sep 2023 09:22
PPN: 494193166
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen