3

FIDO keys, used for 2 factor authentication are based on a challenge-response mechanism.

Besides generating a common 1-time-key using diffie-hellman, or transferring all data over TLS, how can they prevent reflection attacks?

Challenge: Alice -> Eve -> Bob

Response (even if encrypted): Bob -> Eve -> Alice

Eve <-> Alice initiates a secure connection.

Bharel
  • 133
  • 5

1 Answers1

5

If you're not using TLS, FIDO keys (WebAuthn or U2F) aren't going to do you much good. In fact, the spec requires that browsers only expose the API in secure contexts:

The client facilitates these security measures by providing the Relying Party's origin and RP ID to the authenticator for each operation. Since this is an integral part of the WebAuthn security model, user agents only expose this API to callers in secure contexts.

WebAuthn and U2F are authentication protocols, establishing a secure connection is outside their scope. If the user's connection isn't encrypted, if the cipher suite being used is broken, or if the user trusts a MitM's certificate, it's game over.

AndrolGenhald
  • 15,436
  • 5
  • 45
  • 50
  • So basically a malicious chrome.exe on a computer, pretending to serve Google.com, can create a reflection attack and thus authenticate a remote attacker. If so, why do FIDO keys count as more secure when inserting to an unauthorized public computer than TOTP? – Bharel Apr 01 '19 at 13:25
  • 2
    Where are you hearing that they're counted as more secure when using a public computer? They're more secure in that they prevent phishing if the browser isn't malicious and the connection is secure, but if you don't trust the browser there's not much you can do. No matter how you authenticate the browser could give away your session cookie to an attacker. – AndrolGenhald Apr 01 '19 at 13:31
  • session cookie can be tied to other identifiable information such as IP but I got your point :-) Thank you! – Bharel Apr 01 '19 at 13:38
  • And as soon as you unplug them the PitM attack is contained as you cannot get a new valid authentication. – eckes Apr 01 '19 at 23:03