True2F: Backdoor-resistant authentication tokens
Emma Dauterman, Henry Corrigan-Gibbs, David Mazières, Dan Boneh, Dominic Rizzo

TL;DR
True2F is a robust second-factor authentication system that resists phishing, token faults, and backdoors, with privacy protections and compatibility with existing U2F infrastructure, enabling secure and practical deployment.
Contribution
We introduce True2F, a novel authentication system with new cryptographic protocols and privacy defenses, ensuring security against various attacks while maintaining compatibility with current hardware tokens.
Findings
True2F provides strong protection against phishing and token backdoors.
The system achieves real-world deployment with minimal performance overhead.
Privacy defenses prevent cross-origin token fingerprinting.
Abstract
We present True2F, a system for second-factor authentication that provides the benefits of conventional authentication tokens in the face of phishing and software compromise, while also providing strong protection against token faults and backdoors. To do so, we develop new lightweight two-party protocols for generating cryptographic keys and ECDSA signatures, and we implement new privacy defenses to prevent cross-origin token-fingerprinting attacks. To facilitate real-world deployment, our system is backwards-compatible with today's U2F-enabled web services and runs on commodity hardware tokens after a firmware modification. A True2F-protected authentication takes just 57ms to complete on the token, compared with 23ms for unprotected U2F.
Taxonomy
Topics: Advanced Authentication Protocols Security · User Authentication and Security Systems · Advanced Malware Detection Techniques
