2019 IEEE Symposium on Security and Privacy (SP) 2019
DOI: 10.1109/sp.2019.00048
|View full text |Cite
|
Sign up to set email alerts
|

True2F: Backdoor-Resistant Authentication Tokens

Abstract: We present True2F, a system for second-factor authentication that provides the benefits of conventional authentication tokens in the face of phishing and software compromise, while also providing strong protection against token faults and backdoors. To do so, we develop new lightweight two-party protocols for generating cryptographic keys and ECDSA signatures, and we implement new privacy defenses to prevent cross-origin tokenfingerprinting attacks. To facilitate real-world deployment, our system is backwards-… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
9
0

Year Published

2019
2019
2022
2022

Publication Types

Select...
4
2
2

Relationship

0
8

Authors

Journals

citations
Cited by 17 publications
(9 citation statements)
references
References 148 publications
(227 reference statements)
0
9
0
Order By: Relevance
“…Some participants expressed mistrust into the hardware token, mostly due to a lack of transparency, and recent security incidents [79] could reinforce such mistrust. Thus, work that increases the trustworthiness of the device [80] is important. Further, our participants raised concerns that we did not cover in our video (e.g., recovery and revocation) or that we did not predict (e.g., corner cases).…”
Section: A Closer To a Password Killer?mentioning
confidence: 99%
“…Some participants expressed mistrust into the hardware token, mostly due to a lack of transparency, and recent security incidents [79] could reinforce such mistrust. Thus, work that increases the trustworthiness of the device [80] is important. Further, our participants raised concerns that we did not cover in our video (e.g., recovery and revocation) or that we did not predict (e.g., corner cases).…”
Section: A Closer To a Password Killer?mentioning
confidence: 99%
“…In addition to text-based schemes, the hardware-based AS can also be applied to address the vulnerabilities of other conventional AS, such as Web based and Biometrics based, by comprising a secret token as the initial authentication eligibility. In other words, it is possible to prevent most of the aforementioned attacks by employing functions of hardware tokens, except those noticed below [175], [176].…”
Section: E Attacks On Hardware-based Asmentioning
confidence: 99%
“…It is important to emphasize that the hardware-based AS still provide sufficient protection (superior to the other AS). Even if an attacker steals the user's credentials through some forms of spyware, (s)he is not able to crack the security of the device without possessing the token [175], [176].…”
Section: E Attacks On Hardware-based Asmentioning
confidence: 99%
See 1 more Smart Citation
“…Two-factor authentication devices. Hardware security devices such as RSA SecurID [53], smart cards [10], and U2F tokens [5, 24,62] serve as a second factor for authentication. Such devices can prove physical possession and protect against phishing attacks.…”
Section: Security Devicesmentioning
confidence: 99%