Web Authentication

主要内容与FIDO一致，基于非对称密钥认证用户身份

注册关键数据流

• client触发注册

• relying party server将challenge和相关注册配置信息给到client

• client组装相关信息给到authenticator

• authenticator校验成功后，随机生成key pair，并基于上述信息生成attestation（其中包含signature，思路类似PKCS#10 CSR）

• authenticator将公钥、attestation等信息给到client

• client将authenticator提供的信息组装后给到relying party server

• relying party server校验成功后，存储对应关键信息（例如credential id, 公钥等等）

认证关键数据流

• client触发认证

• relying party server将challenge和相关认证配置信息给到client

• client将对应relying party id和data hash给到authenticator

• authenticator校验成功后，针对data hash进行签名

• authenticator将签名数据传给client

• client将authenticator提供的信息组装后给到relying party server

• relying party server校验成功后，client成功登录

doc

• RFC8264, RFC8265, RFC8266

• Client to Authenticator Protocol (CTAP)

• RFC7049: Concise Binary Object Representation (CBOR)

• RFC8152: CBOR Object Signing and Encryption (COSE)

• RFC8230: Using RSA Algorithms with CBOR Object Signing and Encryption (COSE) Messages

• Web Authentication

• What is FIDO2 and Web Authentication?

ARKG for webauthn

硬件有效复用

Asynchronous Remote Key Generation: An Analysis of Yubico’s Proposal for W3C WebAuthn

webauthn-recovery-extension

DerivePK: (𝑒, 𝐸) ←$ KGen 𝑘cred ← KDF1 (ECDH(𝑒, 𝑆)) 𝑘mac ← KDF2 (ECDH(𝑒, 𝑆)) 𝑃 ← (𝑘cred · 𝐺) + 𝑆 cred ← (𝐸, MAC(𝑘mac, 𝐸 ∥serverId))

DeriveSK: 𝑘cred ← KDF1 (ECDH(𝑠, 𝐸)) 𝑘mac ← KDF2 (ECDH(𝑠, 𝐸)) if cred ≠ 𝐸 ∥ MAC(𝑘mac, 𝐸 ∥serverId) then abort 𝑝 ← 𝑘cred + 𝑠 mod 𝑛

PQC for webauthn

Quantum-Safe Account Recovery for WebAuthn

Post-Quantum Account Recovery for Passwordless Authentication

整体思路与ARKG一致。

把ecdh的方案扩展到pqc kem。

本质是通过kem的encap，结合blindPK 派生。