Skip to main content
Conference ProceedingsOPEN ACCESS

True2F: Backdoor-resistant authentication tokens

Proceedings - IEEE Symposium on Security and Privacy (2019) 2019-May 398-416
DOI: 10.1109/SP.2019.00048
17Citations
Citations of this article
52Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

We present True2F, a system for second-factor authentication that provides the benefits of conventional authentication tokens in the face of phishing and software compromise, while also providing strong protection against token faults and backdoors. To do so, we develop new lightweight two-party protocols for generating cryptographic keys and ECDSA signatures, and we implement new privacy defenses to prevent cross-origin token-fingerprinting attacks. To facilitate real-world deployment, our system is backwards-compatible with today's U2F-enabled web services and runs on commodity hardware tokens after a firmware modification. A True2F-protected authentication takes just 57ms to complete on the token, compared with 23ms for unprotected U2F.

Author supplied keywords

Cite

CITATION STYLE

APA

Dauterman, E., Corrigan-Gibbs, H., Mazieres, D., Boneh, D., & Rizzo, D. (2019). True2F: Backdoor-resistant authentication tokens. In Proceedings - IEEE Symposium on Security and Privacy (Vol. 2019-May, pp. 398–416). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SP.2019.00048

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free