A Novel Protocol Using Captive Portals for FIDO2 Network Authentication
- URL: http://arxiv.org/abs/2402.12864v1
- Date: Tue, 20 Feb 2024 09:55:20 GMT
- Title: A Novel Protocol Using Captive Portals for FIDO2 Network Authentication
- Authors: Martiño Rivera-Dourado, Marcos Gestal, Alejandro Pazos and Jose Vázquez-Naya
- Abstract summary: We introduce FIDO2CAP: FIDO2 Captive-portal Authentication Protocol.
We develop a prototype of FIDO2CAP authentication in a mock scenario.
This work makes the first systematic approach for adapting network authentication to the new authentication paradigm relying on FIDO2 authentication.
- Score: 45.84205238554709
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: FIDO2 authentication is starting to be applied in numerous web authentication
services, aiming to replace passwords and their known vulnerabilities. However,
this new authentication method has not been integrated yet with network
authentication systems. In this paper, we introduce FIDO2CAP: FIDO2
Captive-portal Authentication Protocol. Our proposal describes a novel protocol
for captive-portal network authentication using FIDO2 authenticators, such as
security keys and passkeys. For validating our proposal, we have developed a
prototype of FIDO2CAP authentication in a mock scenario. Using this prototype,
we performed a usability experiment with 15 real users. This work makes the
first systematic approach for adapting network authentication to the new
authentication paradigm relying on FIDO2 authentication.
Related papers
- 2FA: Navigating the Challenges and Solutions for Inclusive Access [55.2480439325792]
Two-Factor Authentication (2FA) has emerged as a critical solution to protect online activities.
This paper examines the intricacies of deploying 2FA in a way that is secure and accessible to all users.
An analysis was conducted to examine the implementation and availability of various 2FA methods across popular online platforms.
arXiv Detail & Related papers (2025-02-17T12:23:53Z)
- EAP-FIDO: A Novel EAP Method for Using FIDO2 Credentials for Network Authentication [43.91777308855348]
EAP-FIDO allows organisations with WPA2/3-Enterprise wireless networks or MACSec-enabled wired networks to leverage FIDO2's passwordless authentication.
We provide a comprehensive security and performance analysis to support the feasibility of this approach.
arXiv Detail & Related papers (2024-12-04T12:35:30Z)
- CTRAPS: CTAP Client Impersonation and API Confusion on FIDO2 [2.949446809950691]
We focus on CTAP, which allows FIDO2 clients and hardware authenticators to communicate.
We uncover two classes of protocol-level attacks on CTAP that we call CTRAPS.
We detail the eight vulnerabilities in the CTAP specification, enabling the CTRAPS attacks.
We release CTRAPS, an original toolkit, to analyze CTAP and conduct the CTRAPS attacks.
arXiv Detail & Related papers (2024-12-03T10:11:41Z)
- Quantum Authenticated Key Expansion with Key Recycling [1.274819629555637]
We present a quantum authentication key expansion protocol that integrates both authentication and key expansion within a single protocol.
We analyse the security of the protocol in a QAKE framework adapted from a classical authentication key exchange framework.
arXiv Detail & Related papers (2024-09-25T01:29:13Z)
- SOAP: A Social Authentication Protocol [0.0]
We formally define social authentication, present a protocol called SOAP that largely automates social authentication, formally prove SOAP's security, and demonstrate SOAP's practicality.
One prototype is web-based, and the other is implemented in the open-source Signal messaging application.
arXiv Detail & Related papers (2024-02-05T17:03:10Z)
- Leveraging Machine Learning for Wi-Fi-based Environmental Continuous Two-Factor Authentication [0.44998333629984877]
We present a novel 2FA approach replacing the user's input with decisions made by Machine Learning (ML).
Our system exploits unique environmental features associated with the user, such as beacon frame characteristics and Received Signal Strength Indicator (RSSI) values from Wi-Fi Access Points (APs).
For enhanced security, our system mandates that the user's two devices (i.e., a login device and a mobile device) be situated within a predetermined proximity before granting access.
arXiv Detail & Related papers (2024-01-12T14:58:15Z)
- Distilling the Unknown to Unveil Certainty [66.29929319664167]
Out-of-distribution (OOD) detection is essential in identifying test samples that deviate from the in-distribution (ID) data upon which a standard network is trained.
This paper introduces OOD knowledge distillation, a pioneering learning framework applicable whether or not training ID data is available.
arXiv Detail & Related papers (2023-11-14T08:05:02Z)
- When Authentication Is Not Enough: On the Security of Behavioral-Based Driver Authentication Systems [53.2306792009435]
We develop two lightweight driver authentication systems based on Random Forest and Recurrent Neural Network architectures.
We are the first to propose attacks against these systems by developing two novel evasion attacks, SMARTCAN and GANCAN.
Through our contributions, we aid practitioners in safely adopting these systems, help reduce car thefts, and enhance driver security.
arXiv Detail & Related papers (2023-06-09T14:33:26Z)
- Secure access system using signature verification over tablet PC [62.21072852729544]
We describe a highly versatile and scalable prototype for Web-based secure access using signature verification.
The proposed architecture can be easily extended to work with different kinds of sensors and large-scale databases.
arXiv Detail & Related papers (2023-01-11T11:05:47Z)
This list is automatically generated from the titles and abstracts of the papers in this site.