EAP-FIDO: A Novel EAP Method for Using FIDO2 Credentials for Network Authentication
Marti\~no Rivera-Dourado, Christos Xenakis, Alejandro Pazos, Jose V\'azquez-Naya
TL;DR
This paper introduces EAP-FIDO, a new protocol enabling organizations to use FIDO2 passwordless authentication within existing network standards like IEEE 802.1X, enhancing security and usability.
Contribution
The paper presents EAP-FIDO, a novel EAP method that integrates FIDO2 credentials into network authentication protocols, expanding FIDO2's application scope.
Findings
Security analysis confirms robustness of EAP-FIDO.
Performance evaluation shows acceptable latency and overhead.
Compatibility with existing network standards is demonstrated.
Abstract
The adoption of FIDO2 authentication by major tech companies in web applications has grown significantly in recent years. However, we argue FIDO2 has broader potential applications. In this paper, we introduce EAP-FIDO, a novel Extensible Authentication Protocol (EAP) method for use in IEEE 802.1X-protected networks. This allows organisations with WPA2/3-Enterprise wireless networks or MACSec-enabled wired networks to leverage FIDO2's passwordless authentication in compliance with existing standards. Additionally, we provide a comprehensive security and performance analysis to support the feasibility of this approach.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsNetwork Security and Intrusion Detection · IPv6, Mobility, Handover, Networks, Security · Network Packet Processing and Optimization