TU BRAUNSCHWEIG
| Carl Friedrich Gauß Faculty | Department of Computer Science
Informatikzentrum

Memory-Safe Implementation and Timing Analysis of a Microcontroller-based CTAP2 Authenticator

Student: (anonymous, login required)
Supervisor: Dr. Dominik Schürmann
Professor: Prof. Dr.-Ing. Lars Wolf
IBR Group: CM (Prof. Wolf)
Type: Master Thesis
Status: finished

Abstract:

Phishing is the practice of defrauding a person into revealing sensitive and secret information by posing as a trustworthy entity, and it is one of the most commonly employed fraud schemes on the web. Contrary to many other aspects of web security, the number of phishing attacks is ever increasing. Phishing attacks can be carried out relatively easily, because the burden of authenticating the communicating party (i.e. the website) is placed on the user. This requires knowledge of and awareness of the problem on the part of the user, which is not commonly the case. In recent years a new approach to tackle phishing has emerged: the cryptographic authenticator. Rather than authenticating a user via a password, the authenticator uses cryptographic signatures to prove its authenticity to the communicating party. The user does not possess a password that could be obtained in a phishing attack. Also, the communicating party has to authenticate itself to the cryptographic authenticator; authentication is bidirectional. The World Wide Web Consortium (W3C), together with the FIDO Alliance, an open security association consisting of prominent players of the World Wide Web, has created FIDO2, a set of standards to facilitate the usage of cryptographic authenticators over the World Wide Web. FIDO2 allows web developers to use cryptographic authenticators as a login method using the WebAuthn standard and defines the CTAP2 protocol for the communication between the authenticator and the client.

The goal of this thesis is to develop a minimal implementation of a CTAP2 authenticator and to integrate it into an existing hardware platform (i.e. a development board). Subsequently, the security of the implementation is evaluated against timing side-channel attacks using a tool developed in the context of this thesis.


last changed 2020-10-22, 15:23 by Dr. Dominik Schürmann