WebAuthn

From Wikipedia, the free encyclopedia

Web Authentication
Abbreviation: WebAuthn
First published: 31 May 2016
Latest version: Level 2 Recommendation, 21 April 2021
Preview version: Level 3 (FPWD), 15 December 2021
Organization: FIDO2 Project (FIDO Alliance and W3C)
Committee: Web Authentication Working Group
Editors
Current editors
  • Jeff Hodges (Google)
  • J.C. Jones (Mozilla)
  • Michael B. Jones (Microsoft)
  • Akshay Kumar (Microsoft)
  • Emil Lundberg (Yubico)
Previous editors
  • Dirk Balfanz (Google)
  • Vijay Bharadwaj (Microsoft)
  • Arnar Birgisson (Google)
  • Alexei Czeskis (Google)
  • Hubert Le Van Gong (PayPal)
  • Angelo Liao (Microsoft)
  • Rolf Lindemann (Nok Nok Labs)
Base standards
  • File API
  • WHATWG Encoding Standard
  • Unicode UAX #29: Text Segmentation
Domain: Authentication

Web Authentication (WebAuthn) is a web standard published by the World Wide Web Consortium (W3C).[1][2][3] WebAuthn is a core component of the FIDO2 Project under the guidance of the FIDO Alliance.[4] The goal of the project is to standardize an interface for authenticating users to web-based applications and services using public-key cryptography. WebAuthn credentials (which are themselves FIDO credentials) are sometimes referred to as passkeys.[5]

On the client side, support for WebAuthn can be implemented in a variety of ways. The underlying cryptographic operations are performed by an authenticator, which is an abstract functional model that is mostly agnostic with respect to how the key material is managed. This makes it possible to implement support for WebAuthn purely in software, making use of a processor's trusted execution environment or a Trusted Platform Module (TPM). Sensitive cryptographic operations can also be offloaded to a roaming hardware authenticator that can in turn be accessed via USB, Bluetooth Low Energy, or near-field communications (NFC). A roaming hardware authenticator conforms to the FIDO Client to Authenticator Protocol (CTAP),[6] making WebAuthn effectively backward compatible with the FIDO Universal 2nd Factor (U2F) standard.[7]

Like legacy U2F, Web Authentication is resilient to verifier impersonation; that is, it is resistant to phishing attacks,[8] but unlike U2F, WebAuthn does not require a traditional password.[citation needed] Moreover, a roaming hardware authenticator is resistant to malware since the private key material is at no time accessible to software running on the host machine.

The WebAuthn Level 1 and 2 standards were published as W3C Recommendations on 4 March 2019 and 8 April 2021 respectively.[1][9][10] A Level 3 specification is currently a First Public Working Draft (FPWD).[11]

Background


FIDO2 is the successor to FIDO Universal 2nd Factor (U2F). Whereas U2F only supports multi-factor mode, having been designed to strengthen existing username/password-based login flows, FIDO2 adds support for single-factor mode. In multi-factor mode, the authenticator is activated by a test of user presence, which usually consists of a simple button push; no password is required. In single-factor mode, the authenticator (something you have) performs user verification.[12] Depending on the authenticator capabilities, this can be:[13]

  • something you know: a secret such as a PIN, passcode or swipe pattern
  • something you are: a biometric such as fingerprint, iris or voice

Regardless of mode, the authenticator never shares its secrets or biometric data with the website.[14] Moreover, a single user's secret or biometric works with all websites, as the authenticator will select the correct cryptographic key material to use for the service requesting authentication after user verification was completed successfully.

A secret and biometric on the authenticator can be used together, similarly to how they would be used on a smartphone. For example, a fingerprint is used to provide convenient access to your smartphone but occasionally fingerprint access fails, in which case a PIN can be used.

Advantages over traditional password-based authentication


WebAuthn addresses by design many inherent issues in traditional password-based authentication:

  • Secure Credential Generation and Storage: WebAuthn generates unique credentials for each website using robust algorithms, storing them securely in trusted authenticators. This eliminates common vulnerabilities such as:
    • Weak passwords that can be easily brute-forced due to insufficient length.
    • Predictable passwords vulnerable to dictionary attacks (e.g., "password", "12345678").
    • Guessable passwords based on personal information (e.g., birthdates, addresses).
    • Poor client-side password storage (e.g., written down, stored in phone contacts).
    • Password reuse across multiple websites, as WebAuthn credentials are specific to individual websites by design.
    • Inadequate server-mandated password requirements (e.g., overly lax or restrictive criteria, arbitrary maximum length limits, limited charsets).
    • Restrictions preventing password manager auto-fill features.
  • No Server-Side Credential Storage: The private part of a credential is never stored on a server, eliminating risks and vulnerabilities such as:
    • Insecure password storage in databases (e.g., plaintext or relying on weak hash-based algorithms/constructions).
    • Database leaks exposing passwords.
    • Mandatory, ineffective periodic password changes.
  • Unique Credentials for Each Website: WebAuthn ensures credentials are unique per website, eliminating the following risks and vulnerabilities:
    • Credential stuffing attacks, where attackers use credentials from one data breach across multiple sites.
    • Phishing attacks, as credentials cannot be reused or misapplied to different websites.

Overview


Like its predecessor FIDO U2F, W3C Web Authentication (WebAuthn) involves a website, a web browser, and an authenticator:[1]

  • The website is a conforming WebAuthn Relying Party
  • The browser is a conforming WebAuthn Client
  • The authenticator is a FIDO2 authenticator, that is, it is assumed to be compatible with the WebAuthn Client

WebAuthn specifies how a claimant demonstrates possession and control of a FIDO2 authenticator to a verifier called the WebAuthn Relying Party. The authentication process is mediated by an entity called the WebAuthn Client, which is little more than a conforming web browser.

Authentication

(Figure caption: A typical Web Authentication (WebAuthn) flow)

For the purposes of illustration, we assume the authenticator is a roaming hardware authenticator (see below for other options). In any case, the authenticator is a multi-factor cryptographic authenticator that uses public-key cryptography to sign an authentication assertion targeted at the WebAuthn Relying Party. Assuming the authenticator uses a PIN for user verification, the authenticator itself is something you have while the PIN is something you know.

To initiate the WebAuthn authentication flow,[15] the WebAuthn Relying Party indicates its intentions to the WebAuthn Client (i.e., the browser) via JavaScript. The WebAuthn Client communicates with the authenticator using a JavaScript API implemented in the browser. A roaming authenticator conforms to the FIDO Client to Authenticator Protocol.

WebAuthn does not strictly require a roaming hardware authenticator. Alternatively, a software authenticator (e.g., implemented on a smartphone) or a platform authenticator (i.e., an authenticator implemented directly on the WebAuthn Client Device) may be used. Relevant examples of platform authenticators include Windows Hello[16] and the Android operating system.[17]

The illustrated flow relies on PIN-based user verification, which, in terms of usability, is only a modest improvement over ordinary password authentication. In practice, the use of biometrics for user verification can improve the usability of WebAuthn.[citation needed] The logistics behind biometrics are still poorly understood, however. There is a lingering misunderstanding among users that biometric data is transmitted over the network in the same manner as passwords, which is not the case.[18][19]

Registration


When the WebAuthn Relying Party receives the signed authentication assertion from the browser, the digital signature on the assertion is verified using a trusted public key for the user. How does the WebAuthn Relying Party obtain that trusted public key in the first place?

To obtain a public key for the user, the WebAuthn Relying Party initiates a WebAuthn registration flow[20] that is very similar to the authentication flow illustrated above. The primary difference is that the authenticator now signs an attestation statement with its attestation private key. The signed attestation statement contains a copy of the public key that the WebAuthn Relying Party ultimately uses to verify a signed authentication assertion. The attestation statement also contains metadata describing the authenticator itself.[citation needed]

The digital signature on the attestation statement is verified with the trusted attestation public key for that particular model of authenticator. How the WebAuthn Relying Party obtains its store of trusted attestation public keys is unspecified. One option is to use the FIDO metadata service.[21]

The attestation type specified in the JavaScript determines the trust model. For instance, an attestation type called self-attestation may be desired, for which the trust model is essentially trust on first use.

Support


The WebAuthn Level 1 standard was published as a W3C Recommendation by the Web Authentication Working Group on 4 March 2019.[1][9][22] WebAuthn is supported by Google Chrome, Mozilla Firefox, Microsoft Edge, Apple Safari[9] and Opera.[23]

The desktop version of Google Chrome has supported WebAuthn since version 67.[24] Firefox, which had not fully supported the previous FIDO U2F standard, included and enabled WebAuthn in Firefox version 60, released on 9 May 2018.[25] An early Windows Insider release of Microsoft Edge (Build 17682) implemented a version of WebAuthn that works with both Windows Hello and external security keys.[26]

Existing FIDO U2F security keys are largely compatible with the WebAuthn standard, though WebAuthn added the ability to reference a unique per-account "user handle" identifier, which older authenticators are unable to store.[1]

One of the first FIDO2-compatible authenticators was the second-generation Security Key by Yubico, announced on 10 April 2018.[27] The first FIDO2-compatible authenticator with a display was the Trezor Model T by SatoshiLabs, announced on 6 November 2019.[28] The Trezor Model T was also the first authenticator that allowed users to select which FIDO2 resident credential should be used directly on the device.

The first Security Level 2 certified FIDO2 key, called "Goldengate", was announced one year later by eWBM on 8 April 2019.[29][30]

Dropbox announced support for WebAuthn logins (as a 2nd factor) on 8 May 2018.[31]

Apple announced that Face ID or Touch ID could be used as a WebAuthn platform authenticator with Safari on 24 June 2020.[32]

API


WebAuthn implements an extension of the W3C's more general Credential Management API, which is an attempt to formalize the interaction between websites and web browsers when exchanging user credentials. The Web Authentication API[33][34] extends the Credential Management navigator.credentials.create() and navigator.credentials.get() JavaScript methods so they accept a publicKey parameter. The create() method is used for registering public key authenticators as part of associating them with user accounts (possibly at initial account creation time but more likely when adding a new security device to an existing account) while the get() method is used for authenticating (such as when logging in).

To check if a browser supports WebAuthn, scripts should check if the window.PublicKeyCredential interface is defined. In addition to PublicKeyCredential, the standard also defines the AuthenticatorResponse, AuthenticatorAttestationResponse, and AuthenticatorAssertionResponse interfaces in addition to a variety of dictionaries and other datatypes.

The API does not allow direct access to or manipulation of private keys, beyond requesting their initial creation.
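As an added example of the client-side API just described (not code from this article or from any browser vendor or library), the JavaScript below performs the window.PublicKeyCredential feature check, builds the publicKey option dictionaries for navigator.credentials.create() and navigator.credentials.get(), and runs the get() ceremony, returning only the AuthenticatorAssertionResponse fields that a page would post to its server. The function names (supportsWebAuthn, buildCreateOptions, buildGetOptions, authenticate), the base64url helpers, and all sample values are constructed; the browser global is passed in as a parameter so the same code also runs under Node for testing, where it simply reports that WebAuthn is unavailable. The pubKeyCredParams list offers only ES256 and EdDSA, so RSA with PKCS#1 v1.5 padding is never negotiated.

```javascript
// Added example, not code from the Wikipedia article or from any browser or
// library: the two Credential Management calls that WebAuthn extends, with the
// publicKey option dictionaries a relying party's page would build. All names
// (supportsWebAuthn, buildCreateOptions, buildGetOptions, authenticate) and
// sample values are constructed.

// Feature detection: the standard says to check for window.PublicKeyCredential.
// The global is a parameter so the same function runs (and reports false) in Node.
function supportsWebAuthn(win = globalThis) {
  return typeof win.PublicKeyCredential === 'function';
}

// Challenges and IDs travel from the server base64url-encoded (JSON has no byte
// type); the API wants a BufferSource, so decode before calling it.
function base64urlToBytes(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bin = typeof atob === 'function' ? atob(padded) : Buffer.from(padded, 'base64').toString('binary');
  return Uint8Array.from(bin, (ch) => ch.charCodeAt(0));
}

// The reverse, for posting the authenticator's binary response back to the server.
function bytesToBase64url(buf) {
  const bin = Array.from(new Uint8Array(buf), (b) => String.fromCharCode(b)).join('');
  const b64 = typeof btoa === 'function' ? btoa(bin) : Buffer.from(bin, 'binary').toString('base64');
  return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Options for navigator.credentials.create(): registering a new credential.
// pubKeyCredParams offers only ES256 (COSE -7) and EdDSA (COSE -8); RS256
// (COSE -257, RSA with PKCS#1 v1.5 padding) is deliberately left out.
function buildCreateOptions({ challenge, userId, userName, rpId, rpName }) {
  return {
    publicKey: {
      rp: { id: rpId, name: rpName },
      user: { id: base64urlToBytes(userId), name: userName, displayName: userName },
      challenge: base64urlToBytes(challenge),
      pubKeyCredParams: [
        { type: 'public-key', alg: -7 },
        { type: 'public-key', alg: -8 },
      ],
      authenticatorSelection: { userVerification: 'required' },
      attestation: 'none', // no attestation chain to validate: trust on first use
      timeout: 60000,
    },
  };
}

// Options for navigator.credentials.get(): authenticating with an existing credential.
function buildGetOptions({ challenge, rpId, credentialIds = [] }) {
  return {
    publicKey: {
      challenge: base64urlToBytes(challenge),
      rpId,
      allowCredentials: credentialIds.map((id) => ({ type: 'public-key', id: base64urlToBytes(id) })),
      userVerification: 'required',
      timeout: 60000,
    },
  };
}

// The get() ceremony: the browser (win) mediates with the authenticator and
// hands back a PublicKeyCredential. Only the response fields go to the server;
// the private key is never exposed to the page.
async function authenticate(win, params) {
  if (!supportsWebAuthn(win)) throw new Error('WebAuthn is not supported in this browser');
  const credential = await win.navigator.credentials.get(buildGetOptions(params));
  const r = credential.response; // an AuthenticatorAssertionResponse
  return {
    id: credential.id,
    clientDataJSON: bytesToBase64url(r.clientDataJSON),
    authenticatorData: bytesToBase64url(r.authenticatorData),
    signature: bytesToBase64url(r.signature),
  };
}
```

In a page, the usage is `authenticate(window, { challenge, rpId, credentialIds })` with values fetched from the server's challenge endpoint; the server then verifies the returned fields against the challenge it issued and the public key it stored at registration. Setting userVerification to 'required' asks the authenticator for single-factor (user verification) mode as described under Background; 'preferred' or 'discouraged' would accept a plain user-presence test instead.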

Reception


In August 2018, Paragon Initiative Enterprises conducted a security audit of the WebAuthn standard. While they could not find any specific exploits, they revealed some serious weaknesses in the way the underlying cryptography is used and mandated by the standard.[35]

The main points of criticism revolve around two potential issues that were problematic in other cryptographic systems in the past and therefore should be avoided in order to not fall victim to the same class of attacks:

  • Through the mandated use of COSE (RFC 8152), WebAuthn also supports RSA with PKCS1 v1.5 padding. This particular padding scheme has been known to be vulnerable to specific attacks for at least twenty years, and it has been successfully attacked in other protocols and implementations of the RSA cryptosystem in the past. It is difficult to exploit under the given conditions in the context of WebAuthn, but given that more secure cryptographic primitives and padding schemes exist, this is still a bad choice and is no longer considered best practice among cryptographers.
  • The FIDO Alliance standardized on the asymmetric cryptographic scheme ECDAA.[36] This is a version of direct anonymous attestation based on elliptic curves and, in the case of WebAuthn, is meant to be used to verify the integrity of authenticators while also preserving the privacy of users, as it does not allow for global correlation of handles. However, ECDAA does not incorporate some of the lessons that were learned in the last decades of research in the area of elliptic curve cryptography, as the chosen curve has some security deficits inherent to this type of curve, which reduces the security guarantees quite substantially. Furthermore, the ECDAA standard involves random, non-deterministic signatures, which has already been a problem in the past.

Paragon Initiative Enterprises also criticized how the standard was initially developed, as the proposal was not made public in advance and experienced cryptographers were not asked for suggestions and feedback. Hence the standard was not subject to broad cryptographic research from the academic world.

Despite these shortcomings, Paragon Initiative Enterprises still encourages users to continue to use WebAuthn but has come up with some recommendations for potential implementers and developers of the standard that it hopes can be implemented before the standard is finalized. Avoiding such mistakes as early as possible would protect the industry from any challenges that are introduced by broken standards and the need for backwards compatibility.

ECDAA was only designed to be used in combination with device attestation. This particular feature of WebAuthn is not necessarily required for authentication to work. Current implementations allow the user to decide whether an attestation statement is sent during the registration ceremony. Independently, relying parties can choose to require attestation or not. ECDAA was removed from WebAuthn Level 2 as it was not implemented by browsers nor relying parties.[37]


References

  1. Balfanz, Dirk; Czeskis, Alexei; Hodges, Jeff; Jones, J.C.; Jones, Michael B.; Kumar, Akshay; Liao, Angelo; Lindemann, Rolf; Lundberg, Emil (eds.). "Web Authentication: An API for accessing Public Key Credentials Level 1 (latest)". World Wide Web Consortium. Retrieved 4 March 2019.
  2. "Web Authentication Working Group". World Wide Web Consortium. Retrieved 11 May 2018.
  3. Strickland, Jonathan (18 March 2019). "What is WebAuthn". TechStuff. iHeartMedia. 20:35 minutes in. Retrieved 20 March 2019.
  4. "FIDO2 Project". FIDO Alliance. Retrieved 11 May 2018.
  5. "White Paper: Multi-Device FIDO Credentials" (PDF). FIDO Alliance. March 2022. p. 6. Retrieved 20 May 2024.
  6. Brand, Christiaan; Czeskis, Alexei; Ehrensvärd, Jakob; Jones, Michael B.; Kumar, Akshay; Lindemann, Rolf; Powers, Adam; Verrept, Johan, eds. (30 January 2019). "Client to Authenticator Protocol (CTAP)". FIDO Alliance. Retrieved 7 March 2019.
  7. "WebAuthn / CTAP: Modern Authentication" (PDF). World Wide Web Consortium. 10 December 2018. Retrieved 11 March 2019.
  8. Kan, Michael (7 March 2019). "Google: Phishing Attacks That Can Beat Two-Factor Are on the Rise". PC Magazine. Retrieved 8 March 2019.
  9. "W3C and FIDO Alliance Finalize Web Standard for Secure, Passwordless Logins". World Wide Web Consortium. 4 March 2019. Retrieved 4 March 2019.
  10. Balfanz, Dirk; Czeskis, Alexei; Hodges, Jeff; Jones, J.C.; Jones, Michael B.; Kumar, Akshay; Lindemann, Rolf; Lundberg, Emil, eds. (8 April 2021). "Web Authentication: An API for accessing Public Key Credentials Level 2" (Latest ed.). World Wide Web Consortium. Retrieved 27 November 2022.
  11. Balfanz, Dirk; Czeskis, Alexei; Hodges, Jeff; Jones, J.C.; Jones, Michael B.; Kumar, Akshay; Lindemann, Rolf; Lundberg, Emil, eds. (4 April 2021). "Web Authentication: An API for accessing Public Key Credentials Level 3" (First Public Working Draft ed.). World Wide Web Consortium. Retrieved 24 December 2021.
  12. "User Presence vs User Verification". Retrieved 19 February 2024.
  13. Baghdasaryan, Davit; Hill, Brad (2 July 2018). "FIDO Registry of Predefined Values". fidoalliance.org. FIDO Alliance. Retrieved 16 June 2019.
  14. "Web Authentication: An API for accessing Public Key Credentials Level 1 § Terminology: User Verification". w3.org. W3C. 4 March 2019. Retrieved 16 June 2019.
  15. "Web Authentication API". Mozilla. Section Authentication. Retrieved 18 March 2019.
  16. Simons, Alex (20 November 2018). "Secure password-less sign-in for your Microsoft account using a security key or Windows Hello". Microsoft. Retrieved 6 March 2019.
  17. "Android Now FIDO2 Certified, Accelerating Global Migration Beyond Passwords". Barcelona: FIDO Alliance. 25 February 2019. Retrieved 6 March 2019.
  18. "Touch ID and Beyond: Duo's Plans for WebAuthn". Duo Security. 5 March 2019. Retrieved 8 March 2019.
  19. Steele, Nick (27 February 2019). "How WebAuthn aims to solve the password problem". Help Net Security. Retrieved 8 March 2019.
  20. "Web Authentication API". Mozilla. Section Registration. Retrieved 18 March 2019.
  21. "Metadata Service". FIDO Alliance. Retrieved 18 March 2019.
  22. Protalinski, Emil (4 March 2019). "W3C Approves WebAuthn as the Web Standard for Password-Free Logins".
  23. "Can I use Web Authentication API?". Retrieved 7 March 2019.
  24. Brand, Christiaan (3 June 2018). "Enabling Strong Authentication with WebAuthn". Google Developers. Retrieved 25 June 2018.
  25. Shankland, Stephen (9 May 2018). "Firefox moves browsers into post-password future with WebAuthn tech". CNET. Retrieved 11 May 2018.
  26. Sarkar; et al. (23 May 2018). "Announcing Windows 10 Insider Preview Build 17682". Microsoft. Retrieved 25 June 2018.
  27. "Yubico Launches New Developer Program and Security Key for FIDO2 and WebAuthn W3C Specifications" (Press release). 10 April 2018. Retrieved 11 May 2018.
  28. "Make Passwords a Thing of the Past, FIDO2 Is Now Available on Trezor Model T". 6 November 2019. Retrieved 6 November 2019.
  29. "eWBM: eWBM's Goldengate Fingerprint Reader is First to Get FIDO L2 Certification" (Press release). 8 April 2019. Retrieved 15 June 2019.
  30. "Mobile ID World, Alex Perala: eWBM's Goldengate Fingerprint Reader is First to Get FIDO L2 Certification" (Press release). 9 April 2019. Retrieved 15 June 2019.
  31. Girardeau, Brad (8 May 2018). "Introducing WebAuthn support for secure Dropbox sign in". Dropbox Tech Blog. Dropbox. Retrieved 11 May 2018.
  32. "Safari 14 Release Notes". Apple Developer Documentation. 16 December 2022. Retrieved 16 December 2022.
  33. "Web Authentication API". Mozilla. Retrieved 16 March 2019.
  34. Ackermann, Yuriy (15 January 2019). "Introduction to WebAuthn API". Medium. Retrieved 8 March 2019.
  35. "Security Concerns Surrounding WebAuthn: Don't Implement ECDAA (Yet)". Paragon Initiative Enterprises Blog. 23 August 2018. Retrieved 9 October 2018.
  36. "FIDO ECDAA Algorithm". FIDO Alliance. 27 February 2018. Retrieved 9 October 2018.
  37. "Remove ECDAA? · Issue #1410 · w3c/webauthn". GitHub. 28 April 2020. Retrieved 3 June 2020.