FIDO2 Facing Kleptographic Threats by-Design
preprint
OA: closed
CC-BY-4.0
Abstract
In this paper, we analyze the FIDO2 authentication scheme from the point of view of its resilience to kleptographic attacks. We show that despite its spartan design and apparent efforts to make it immune to dishonest protocol participants, the unlinkability features of FIDO2 can be effectively broken without a chance to detect it by observing the interactions. Similarly, a malicious authenticator can enable an adversary to seize the authenticator’s private keys and thereby enable impersonating the authenticator’s owner. As a few components of the FIDO 2 protocol are the source of the problem, we indicate that either their implementation details must be scrutinized during a certification process or one can introduce some minor local changes in the FIDO2 protocol that effectively disable attacks of this kind.
My notes (saved in your browser only)
Citation neighborhood (no data yet)
We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2024) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.
Source provenance
- europepmc
- last seen: 2026-05-20T01:45:00.602351+00:00
- unpaywall
- last seen: 2026-05-22T02:00:06.705733+00:00
License: CC-BY-4.0