Funded by: NCSC, UK (via University of Surrey)
Duration: 07/2019 - 06/2023  (4 years)
Contact at PACY: Prof. Dr. Mark Manulis

 

This project aims to design secure and privacy-friendly protocols for multi-factor web authentication, in particular focusing on the decentralised approaches such as the new WebAuthn standard.

As part of this project cooperation with Yubico has been setup to explore privacy-preserving and standards-conform approaches for backing up WebAuthn credentials and enabling account recovery without reverting to less secure and private solutions like passwords or one-time tokens. One of the outcomes is the design of Asynchronous Remote Key Generation, a new primitive which is particularly well aligned with the decentralised and unlinkable key management behind the WebAuthn standard.

The project further aims to utilise this primitive to enable privacy-preserving delegation of WebAuthn credentials amongst users with the possibility of revocation at a later stage. The project aims to develop classical as well as post-quantum secure versions of the proposed cryptographic approaches for back-up and delegation of WebAuthn credentials.