FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4280537715> ?p ?o ?g. }

• W4280537715 abstract "This paper presents a timing attack on the FIDO2 (Fast IDentity Online) authentication protocol that allows attackers to link user accounts stored in vulnerable authenticators, a serious privacy concern. FIDO2 is a new standard specified by the FIDO industry alliance for secure token online authentication. It complements the W3C WebAuthn specification by providing means to use a USB token or other authenticator as a second factor during the authentication process. From a cryptographic perspective, the protocol is a simple challenge-response where the elliptic curve digital signature algorithm is used to sign challenges. To protect the privacy of the user the token uses unique key pairs per service. To accommodate for small memory, tokens use various techniques that make use of a special parameter called a key handle sent by the service to the token. We identify and analyse a vulnerability in the way the processing of key handles is implemented that allows attackers to remotely link user accounts on multiple services. We show that for vulnerable authenticators there is a difference between the time it takes to process a key handle for a different service but correct authenticator, and for a different authenticator but correct service. This difference can be used to perform a timing attack allowing an adversary to link user's accounts across services. We present several real world examples of adversaries that are in a position to execute our attack and can benefit from linking accounts. We found that two of the eight hardware authenticators we tested were vulnerable despite FIDO level 1 certification. This vulnerability cannot be easily mitigated on authenticators because, for security reasons, they usually do not allow firmware updates. In addition, we show that due to the way existing browsers implement the WebAuthn standard, the attack can be executed remotely." @default.
• W4280537715 created "2022-05-22" @default.
• W4280537715 creator A5020544957 @default.
• W4280537715 creator A5040251515 @default.
• W4280537715 creator A5085209476 @default.
• W4280537715 creator A5086990289 @default.
• W4280537715 date "2022-05-16" @default.
• W4280537715 modified "2023-09-27" @default.
• W4280537715 title "How Not to Handle Keys: Timing Attacks on FIDO Authenticator Privacy" @default.
• W4280537715 doi "https://doi.org/10.48550/arxiv.2205.08071" @default.
• W4280537715 hasPublicationYear "2022" @default.
• W4280537715 type Work @default.
• W4280537715 citedByCount "0" @default.
• W4280537715 crossrefType "posted-content" @default.
• W4280537715 hasAuthorship W4280537715A5020544957 @default.
• W4280537715 hasAuthorship W4280537715A5040251515 @default.
• W4280537715 hasAuthorship W4280537715A5085209476 @default.
• W4280537715 hasAuthorship W4280537715A5086990289 @default.
• W4280537715 hasBestOaLocation W42805377151 @default.
• W4280537715 hasConcept C136264566 @default.
• W4280537715 hasConcept C142724271 @default.
• W4280537715 hasConcept C148417208 @default.
• W4280537715 hasConcept C162324750 @default.
• W4280537715 hasConcept C204787440 @default.
• W4280537715 hasConcept C26517878 @default.
• W4280537715 hasConcept C2780378061 @default.
• W4280537715 hasConcept C2780385302 @default.
• W4280537715 hasConcept C38652104 @default.
• W4280537715 hasConcept C41008148 @default.
• W4280537715 hasConcept C41065033 @default.
• W4280537715 hasConcept C48145219 @default.
• W4280537715 hasConcept C71924100 @default.
• W4280537715 hasConcept C95713431 @default.
• W4280537715 hasConceptScore W4280537715C136264566 @default.
• W4280537715 hasConceptScore W4280537715C142724271 @default.
• W4280537715 hasConceptScore W4280537715C148417208 @default.
• W4280537715 hasConceptScore W4280537715C162324750 @default.
• W4280537715 hasConceptScore W4280537715C204787440 @default.
• W4280537715 hasConceptScore W4280537715C26517878 @default.
• W4280537715 hasConceptScore W4280537715C2780378061 @default.
• W4280537715 hasConceptScore W4280537715C2780385302 @default.
• W4280537715 hasConceptScore W4280537715C38652104 @default.
• W4280537715 hasConceptScore W4280537715C41008148 @default.
• W4280537715 hasConceptScore W4280537715C41065033 @default.
• W4280537715 hasConceptScore W4280537715C48145219 @default.
• W4280537715 hasConceptScore W4280537715C71924100 @default.
• W4280537715 hasConceptScore W4280537715C95713431 @default.
• W4280537715 hasLocation W42805377151 @default.
• W4280537715 hasLocation W42805377152 @default.
• W4280537715 hasOpenAccess W4280537715 @default.
• W4280537715 hasPrimaryLocation W42805377151 @default.
• W4280537715 hasRelatedWork W141916771 @default.
• W4280537715 hasRelatedWork W2003159817 @default.
• W4280537715 hasRelatedWork W2079101048 @default.
• W4280537715 hasRelatedWork W2151211278 @default.
• W4280537715 hasRelatedWork W2182674152 @default.
• W4280537715 hasRelatedWork W2253962881 @default.
• W4280537715 hasRelatedWork W2736664038 @default.
• W4280537715 hasRelatedWork W2950317205 @default.
• W4280537715 hasRelatedWork W2963497290 @default.
• W4280537715 hasRelatedWork W4293579513 @default.
• W4280537715 isParatext "false" @default.
• W4280537715 isRetracted "false" @default.
• W4280537715 workType "article" @default.