With the rise of attacks on online accounts in recent years, more and more services offer two-factor authentication to their users. Requiring factors from two of the three categories (something you know, something you have, and something you are) should ensure that an attacker cannot compromise both at once, so that an adversary cannot maliciously interact with one's account. However, this only holds against a weak adversary. In particular, since most current solutions authenticate only a session and not individual transactions, they are ineffective once one's device is infected with malware. For online banking, the banking industry has long since identified the need to authenticate transactions. However, the specifications of such authentication schemes are not public, and implementation details vary wildly from bank to bank, with most still unable to protect against malware. In this work, we present a generic approach to the problem of malicious account takeovers, even in the presence of malware. To this end, we define a new paradigm for improving two-factor authentication that involves the concepts of one-out-of-two security and transaction authentication. Web authentication schemes following this paradigm can protect security-critical transactions against manipulation, even if one of the factors is completely compromised. Analyzing existing authentication schemes, we find that they do not realize one-out-of-two security. We give a blueprint for designing secure web authentication schemes in general. Based on this blueprint, we propose FIDO2 With Two Displays (FIDO2D), a new web authentication scheme based on the FIDO2 standard, and prove its security using Tamarin. We hope that our work inspires a new wave of more secure web authentication schemes that protect security-critical transactions even against attacks with malware.
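To make the abstract's distinction between session authentication and transaction authentication concrete, here is a simplified model added for illustration; it is not the paper's FIDO2D protocol and not FIDO2 itself. It assumes an HMAC with a constructed device key standing in for the authenticator's per-credential signature, a constructed fixed nonce, and constructed transaction values; the server binds its challenge to the transaction it intends to execute, and the authenticator signs only what it shows on its own display.

```python
import hashlib
import hmac
import json

# Constructed demo key standing in for the authenticator's credential key; real FIDO2
# authenticators sign with a per-credential private key, HMAC keeps this stdlib-only.
DEVICE_KEY = b"demo-authenticator-key"
NONCE = bytes.fromhex("00" * 16)  # constructed server nonce; random in practice


def _canonical(tx: dict) -> bytes:
    """Canonical encoding of the transaction fields the server would execute."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def _sign(data: bytes) -> bytes:
    return hmac.new(DEVICE_KEY, data, "sha256").digest()


def session_auth(intended: dict, submitted: dict) -> str:
    """Session-only 2FA: the second factor signs a challenge that says nothing about
    the transaction, so whatever the (possibly infected) browser submits is executed."""
    sig = _sign(NONCE)  # user taps the authenticator to "log in"
    if not hmac.compare_digest(_sign(NONCE), sig):
        return "rejected_by_server"
    return "executed:" + _canonical(submitted).decode()


def transaction_challenge(nonce: bytes, tx: dict) -> bytes:
    """Challenge bound to one concrete transaction, so the signature covers it."""
    return hashlib.sha256(nonce + hashlib.sha256(_canonical(tx)).digest()).digest()


def transaction_auth(intended: dict, shown_on_device: dict, submitted: dict) -> str:
    """Transaction authentication with a second display: the authenticator shows the
    transaction it is about to sign, and the server accepts only a signature over the
    transaction it actually received. A compromised browser alone cannot pass both."""
    # 1. The user compares the authenticator's display with what they intended.
    if shown_on_device != intended:
        return "rejected_by_user"
    # 2. The authenticator signs the challenge for exactly what it displayed.
    sig = _sign(transaction_challenge(NONCE, shown_on_device))
    # 3. The server recomputes the challenge from the submitted transaction.
    expected = _sign(transaction_challenge(NONCE, submitted))
    if not hmac.compare_digest(expected, sig):
        return "rejected_by_server"
    return "executed:" + _canonical(submitted).decode()
```

Running the two flows with a swapped transaction shows the difference the abstract describes: the session-only flow executes the swapped transaction, while the transaction-authenticated flow is stopped either by the user at the second display or by the server's signature check.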