all InfoSec news
How Not to Handle Keys: Timing Attacks on FIDO Authenticator Privacy. (arXiv:2205.08071v1 [cs.CR])
May 18, 2022, 1:20 a.m. | Michal Kepkowski, Lucjan Hanzlik, Ian Wood, Mohamed Ali Kaafar
cs.CR updates on arXiv.org arxiv.org
This paper presents a timing attack on the FIDO2 (Fast IDentity Online)
authentication protocol that allows attackers to link user accounts stored in
vulnerable authenticators, a serious privacy concern. FIDO2 is a new standard
specified by the FIDO industry alliance for secure token online authentication.
It complements the W3C WebAuthn specification by providing means to use a USB
token or other authenticator as a second factor during the authentication
process. From a cryptographic perspective, the protocol is a simple
challenge-response …
More from arxiv.org / cs.CR updates on arXiv.org
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Penetration Tester
@ Resillion | Bengaluru, India
Senior Backend Software Engineer (Java) - Privacy Engineering (Open to remote across ANZ)
@ Canva | Sydney, Australia
(Senior) Information Security Professional (w/m/d)
@ IONOS | Deutschland - Remote
Information Security (Incident Response) Intern
@ Eurofins | Katowice, Poland
Game Penetration Tester
@ Magic Media | Belgrade, Vojvodina, Serbia - Remote