True2F: Backdoor-Resistant Authentication Tokens

Title: True2F: Backdoor-Resistant Authentication Tokens
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Dauterman, Emma; Corrigan-Gibbs, Henry; Mazières, David; Boneh, Dan; Rizzo, Dominic
Conference Name: 2019 IEEE Symposium on Security and Privacy (SP)
Date Published: May
Keywords: authentication, authorisation, backdoor-resistant authentication tokens, Backdoors, Browsers, commodity hardware tokens, Computer crime, conventional authentication tokens, cross-origin token-fingerprinting attacks, cryptographic keys, cryptographic protocols, data privacy, digital signatures, ECDSA signatures, embedded-systems, Hardware, human factors, phishing, privacy, privacy defenses, Protocols, pubcrawl, Public key, public key cryptography, second-factor authentication, security, software compromise, Standards, token faults, Two factor Authentication, two-party protocols, web services
Abstract: We present True2F, a system for second-factor authentication that provides the benefits of conventional authentication tokens in the face of phishing and software compromise, while also providing strong protection against token faults and backdoors. To do so, we develop new lightweight two-party protocols for generating cryptographic keys and ECDSA signatures, and we implement new privacy defenses to prevent cross-origin token-fingerprinting attacks. To facilitate real-world deployment, our system is backwards-compatible with today's U2F-enabled web services and runs on commodity hardware tokens after a firmware modification. A True2F-protected authentication takes just 57ms to complete on the token, compared with 23ms for unprotected U2F.
DOI: 10.1109/SP.2019.00048
Citation Key: dauterman_true2f_2019