A Novel Protocol Using Captive Portals for FIDO2 Network Authentication
- URL: http://arxiv.org/abs/2402.12864v1
- Date: Tue, 20 Feb 2024 09:55:20 GMT
- Title: A Novel Protocol Using Captive Portals for FIDO2 Network Authentication
- Authors: Martiño Rivera-Dourado, Marcos Gestal, Alejandro Pazos and Jose Vázquez-Naya
- Abstract summary: We introduce FIDO2CAP: FIDO2 Captive-portal Authentication Protocol.
We develop a prototype of FIDO2CAP authentication in a mock scenario.
This work makes the first systematic approach for adapting network authentication to the new authentication paradigm relying on FIDO2 authentication.
- Score: 45.84205238554709
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: FIDO2 authentication is starting to be applied in numerous web authentication
services, aiming to replace passwords and their known vulnerabilities. However,
this new authentication method has not been integrated yet with network
authentication systems. In this paper, we introduce FIDO2CAP: FIDO2
Captive-portal Authentication Protocol. Our proposal describes a novel protocol
for captive-portal network authentication using FIDO2 authenticators, such as
security keys and passkeys. For validating our proposal, we have developed a
prototype of FIDO2CAP authentication in a mock scenario. Using this prototype,
we performed a usability experiment with 15 real users. This work makes the
first systematic approach for adapting network authentication to the new
authentication paradigm relying on FIDO2 authentication.
Related papers
- Quantum Authenticated Key Expansion with Key Recycling [1.274819629555637]
We present a quantum authentication key expansion protocol that integrates both authentication and key expansion within a single protocol.
We analyse the security of the protocol in a QAKE framework adapted from a classical authentication key exchange framework.
arXiv Detail & Related papers (2024-09-25T01:29:13Z)
- SOAP: A Social Authentication Protocol [0.0]
We formally define social authentication, present a protocol called SOAP that largely automates social authentication, formally prove SOAP's security, and demonstrate SOAP's practicality.
One prototype is web-based, and the other is implemented in the open-source Signal messaging application.
arXiv Detail & Related papers (2024-02-05T17:03:10Z)
- Leveraging Machine Learning for Wi-Fi-based Environmental Continuous Two-Factor Authentication [0.44998333629984877]
We present a novel 2FA approach replacing the user's input with decisions made by Machine Learning (ML).
Our system exploits unique environmental features associated with the user, such as beacon frame characteristics and Received Signal Strength Indicator (RSSI) values from Wi-Fi Access Points (APs).
For enhanced security, our system mandates that the user's two devices (i.e., a login device and a mobile device) be situated within a predetermined proximity before granting access.
arXiv Detail & Related papers (2024-01-12T14:58:15Z)
- A Review of Password-less User Authentication Schemes [0.0]
Review examines password-less authentication schemes that have been proposed since after the death knell was placed on passwords in 2004.
We evaluate the truly password-less and practical schemes based on their impact on user experience, overall security, and ease of deployment.
arXiv Detail & Related papers (2023-12-05T15:57:40Z)
- Tamper-Evident Pairing [55.2480439325792]
Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard.
TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper with a transmitted message without being detected, nor hide the fact that the message has been sent.
This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
arXiv Detail & Related papers (2023-11-24T18:54:00Z)
- Distilling the Unknown to Unveil Certainty [66.29929319664167]
Out-of-distribution (OOD) detection is essential in identifying test samples that deviate from the in-distribution (ID) data upon which a standard network is trained.
This paper introduces OOD knowledge distillation, a pioneering learning framework applicable whether or not training ID data is available.
arXiv Detail & Related papers (2023-11-14T08:05:02Z)
- Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain.
The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
arXiv Detail & Related papers (2023-10-12T09:33:50Z)
- When Authentication Is Not Enough: On the Security of Behavioral-Based Driver Authentication Systems [53.2306792009435]
We develop two lightweight driver authentication systems based on Random Forest and Recurrent Neural Network architectures.
We are the first to propose attacks against these systems by developing two novel evasion attacks, SMARTCAN and GANCAN.
Through our contributions, we aid practitioners in safely adopting these systems, help reduce car thefts, and enhance driver security.
arXiv Detail & Related papers (2023-06-09T14:33:26Z)
- Unified Singular Protocol Flow for OAuth (USPFO) Ecosystem [2.3526458707956643]
We propose a new approach for OAuth ecosystem that combines different client and grant types into a unified singular protocol flow for OAuth (USPFO).
USPFO aims to reduce the vulnerabilities associated with implementing and configuring different client types and grant types.
It provides built-in protections against known OAuth 2.0 vulnerabilities such as client impersonation, token (or code) thefts and replay attacks through integrity, authenticity, and binding audience.
arXiv Detail & Related papers (2023-01-29T17:22:02Z)
- Secure access system using signature verification over tablet PC [62.21072852729544]
We describe a highly versatile and scalable prototype for Web-based secure access using signature verification.
The proposed architecture can be easily extended to work with different kinds of sensors and large-scale databases.
arXiv Detail & Related papers (2023-01-11T11:05:47Z)