Sep 21 2018

WebAuthn: Researchers Voice Concerns About Security Risks

Wouldn't it be just fantastic if users could log into any web portal, mail account and myriad other services without ever having to remember one of those pesky passwords again? Yup it would be, the W3C Consortium decided at some point in 2015, and started working on the Web Authentication (WebAuthn) standard, in collaboration with the FIDO Alliance and various browser makers. Following unusually fast progress, the first Candidate Recommendation was published in March this year. Not much later, both Google and Mozilla incorporated the fresh standard and API into the then-current versions of their Chrome and Firefox browsers – yet another quick decision, but one that may now backfire.

That's because engineers from Paragon Initiative Enterprises (PIE), a Florida-based security firm, claim to have detected a number of flaws "that almost any cryptographer should have been able to identify and remedy earlier in the design phase." The PIE staffers now propose that the WebAuthn design and specification be substantially reworked before anything is "set in stone" – meaning, before the W3C elevates it to official Recommendation (REC) status.

In particular, the Floridians take issue with the following weaknesses:

  • A part of the specification builds on the CBOR Object Signing and Encryption (COSE) standard laid out in the IETF's RFC 8152. As a result of this legacy, WebAuthn requires ongoing support for the RSA algorithm with PKCS #1 v1.5 padding – a scheme first identified as vulnerable in 1998. It's theoretically possible to implement PKCS #1 v1.5 in a secure manner, but only if web developers take measures to explicitly prevent potential adaptive chosen-ciphertext attacks. That in turn causes time-consuming complications and is therefore not a very popular option, regardless of the API or web language they are working with. Unsurprisingly, the PIE experts recommend that support for RSA with PKCS #1 v1.5 should be dropped from the final specification.
  • Another vulnerability lies in the FIDO Alliance's Elliptic Curve Direct Anonymous Attestation (ECDAA) scheme. More specifically, the 'Paragonistas' point out that the choice of adequate parameters for cryptographic methods based on Elliptic Curves is something that may take years, even if the task is assigned to a whole bunch of experts. Moreover, mistakes during implementation could lead to the leakage of secret keys, and that's not something anybody would want. Consequently, the PIE team strongly advises against using the FIDO ECDAA scheme in its current form, unless and until the WebAuthn Working Group has enhanced it in a way that helps prevent attacks on flawed EC mechanisms.
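
The two recommendations above, applied as a relying-party check at registration time. This is an added example, not code from the article, PIE or the W3C. The names readCbor and checkRegistration are hypothetical, the COSE algorithm numbers are taken from the IANA COSE Algorithms registry, the ecdaaKeyId field name from the WebAuthn attestation statement definitions, and the sample keys are constructed placeholders.

```javascript
// RSASSA-PKCS1-v1_5 identifiers from the IANA COSE Algorithms registry.
const REJECTED_ALGS = new Map([
  [-257, "RS256"], [-258, "RS384"], [-259, "RS512"], [-65535, "RS1"],
]);

// Minimal CBOR reader: integers, byte/text strings and maps only,
// which is enough for the COSE_Key structures constructed below.
function readCbor(buf, pos = 0) {
  if (pos >= buf.length) throw new Error("truncated CBOR");
  const major = buf[pos] >> 5, info = buf[pos] & 0x1f;
  pos += 1;
  let n = info;
  if (info >= 24) {
    if (info > 27) throw new Error("unsupported CBOR length encoding");
    n = 0;
    for (let i = 1 << (info - 24); i > 0; i--) n = n * 256 + buf[pos++];
  }
  if (major === 0) return [n, pos];
  if (major === 1) return [-1 - n, pos];
  if (major === 2 || major === 3) {
    if (!(pos + n <= buf.length)) throw new Error("truncated CBOR string");
    const bytes = buf.subarray(pos, pos + n);
    return [major === 2 ? bytes : bytes.toString("utf8"), pos + n];
  }
  if (major !== 5) throw new Error("unsupported CBOR major type " + major);
  const map = new Map();
  for (let i = 0; i < n; i++) {
    let key, value;
    [key, pos] = readCbor(buf, pos);
    [value, pos] = readCbor(buf, pos);
    map.set(key, value);
  }
  return [map, pos];
}

// attStmt is assumed to be already decoded into a plain object;
// coseKeyBytes is the credential public key as a Buffer.
function checkRegistration(attStmt, coseKeyBytes) {
  if (attStmt && "ecdaaKeyId" in attStmt) return { ok: false, reason: "ECDAA attestation" };
  const [key] = readCbor(coseKeyBytes);
  if (!(key instanceof Map) || !key.has(3)) return { ok: false, reason: "no alg (COSE label 3)" };
  const alg = key.get(3);
  if (REJECTED_ALGS.has(alg)) return { ok: false, reason: "algorithm " + REJECTED_ALGS.get(alg) };
  return { ok: true, alg };
}

// Constructed sample keys (placeholder key material, not real credentials).
const ES256_KEY = Buffer.concat([Buffer.from("a5010203262001215820", "hex"),
  Buffer.alloc(32, 1), Buffer.from("225820", "hex"), Buffer.alloc(32, 2)]);
const RS256_KEY = Buffer.from("a40103033901002044000000012143010001", "hex");
```

A relying party applying the same policy on the request side would also leave the RS* identifiers out of the pubKeyCredParams list it sends to the browser.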

Such pointed critique notwithstanding, the Paragon team does not suggest that users who have switched to WebAuthn revoke their decision and return to previous authentication methods. Apparently, it's still better to work with hardware-based two- or multi-factor authentication, as recommended by the latest official WebAuthn specification, than with password/SMS or password/TOTP combinations.

