Τίτλος:
A security evaluation of FIDO’s UAF protocol in mobile and embedded devices
Γλώσσες Τεκμηρίου:
Αγγλικά
Περίληψη:
The FIDO (Fast Identity Online) Universal Authentication Framework is a new authentication mechanism that replaces passwords, simplifying the process of user authentication. To this end, FIDO transfers user verification tasks from the authentication server to the user’s personal device. Therefore, the overall assurance level of user authentication is highly dependent on the security and integrity of the user’s device involved. This paper analyses the functionality of FIDO’s UAF protocol and identifies a list of critical vulnerabilities that may compromise the authenticity, privacy, availability, and integrity of the UAF protocol, allowing an attacker to launch a number of attacks, such as, capturing the data exchanged between a user and an online service, impersonating a user at any UAF compatible online service, impersonating online services to the user, and presenting fake information to the user’s screen during a transaction. © Springer International Publishing AG 2017.
Συγγραφείς:
Panos, C.
Malliaros, S.
Ntantogian, C.
Panou, A.
Xenakis, C.
Περιοδικό:
Communications in Computer and Information Science
Λέξεις-κλειδιά:
Digital communication systems; Electronic data interchange; Trusted computing, Embedded device; FIDO; Remote attestation; Security analysis; TrustZone, Authentication
DOI:
10.1007/978-3-319-67639-5_11
