Funded by: | NCSC, UK (via University of Surrey) |
Duration: | 07/2019 - 06/2023 (4 years) |
Contact at PACY: | Prof. Dr. Mark Manulis |
This project aims to design secure and privacy-friendly protocols for multi-factor web authentication, in particular focusing on the decentralised approaches such as the new WebAuthn standard.
As part of this project cooperation with Yubico has been setup to explore privacy-preserving and standards-conform approaches for backing up WebAuthn credentials and enabling account recovery without reverting to less secure and private solutions like passwords or one-time tokens. One of the outcomes is the design of Asynchronous Remote Key Generation, a new primitive which is particularly well aligned with the decentralised and unlinkable key management behind the WebAuthn standard.
The project further aims to utilise this primitive to enable privacy-preserving delegation of WebAuthn credentials amongst users with the possibility of revocation at a later stage. The project aims to develop classical as well as post-quantum secure versions of the proposed cryptographic approaches for back-up and delegation of WebAuthn credentials.