Exploration of the Security and Usability of the FIDO2 Authentication Protocol

dc.contributor.advisor: Baras, John
dc.contributor.author: Breit, Zachary
dc.contributor.author: Dean, Hunter
dc.contributor.author: Generrette, Tai-Juan
dc.contributor.author: Howard, Samuel
dc.contributor.author: Kodali, Balaji
dc.contributor.author: Kong, Jim
dc.contributor.author: Tash, Jonah
dc.contributor.author: Wang, Phillip
dc.contributor.author: Wu, John
dc.date.accessioned: 2022-08-31T19:36:59Z
dc.date.available: 2022-08-31T19:36:59Z
dc.date.issued: 2022
dc.description: Gemstone Team PASS [en_US]
dc.description.abstract: Fast IDentity Online (FIDO) is a passwordless authentication protocol for the web that leverages public key cryptography and trusted devices to avoid shared secrets on servers. The current version of FIDO, FIDO2, has become widespread and is directly integrated into popular systems such as Windows Hello and Android OS. This thesis details two contributions to the advancement of FIDO2. The first is a modification to the protocol which uses Trusted Execution Environments to resolve security vulnerabilities in the Client To Authenticator Protocol Version 2 (CTAP2), which is a component of FIDO2. It is formally demonstrated that this modification provides a stronger security assumption than CTAP2. The second contribution is an outline of procedures and resources for future researchers to carry out a study of the usability of FIDO2 authenticators via a within-subjects experiment. In the study, subjects register an account on a custom web app using both passwords and FIDO2 credentials. The web app collects metrics about user behavior such as timing information for authentication sessions. Over the course of a week, subjects log in to the same web app every day using both authentication methods. Subjects complete entrance and exit surveys based on the System Usability Scale (SUS) according to their experiences. The surveys and user metrics would then be analyzed to determine whether users perceive FIDO2 as more usable than passwords. [en_US]
dc.identifier: https://doi.org/10.13016/wkfq-edas
dc.identifier.uri: http://hdl.handle.net/1903/29106
dc.language.iso: en_US [en_US]
dc.relation.isAvailableAt: Digital Repository at the University of Maryland
dc.relation.isAvailableAt: Gemstone Program, University of Maryland (College Park, Md)
dc.subject: Gemstone Team PASS [en_US]
dc.title: Exploration of the Security and Usability of the FIDO2 Authentication Protocol [en_US]
dc.type: Thesis [en_US]

Files

Original bundle

Name: Team_PASS_Senior_Thesis.pdf
Size: 1.05 MB
Format: Adobe Portable Document Format
Description: