U2F is a challenge-response protocol enhanced with protection against phishing and Man-In-The-Middle attacks, application-specific keys, device cloning detection, and device attestation. There are two processes: registration and authentication.
We start with a simple challenge-response authentication process based on public key cryptography. The U2F device has a private key (kpriv), and the RP (Relying Party) receives the corresponding public key (kpub). The key pair is generated in the tamper-resistant execution environment of the device, where kpriv cannot be extracted.
The concept is that the client assembles information about the current HTTP connection (URI and TLS Channel ID). This information is then signed by the U2F device and sent to the RP (Relying Party), which verifies that the information is correct.
Additions to the authentication process:
As previously mentioned, Feitian’s U2F devices are tamper-resistant, and kpriv cannot be read externally (at least not unnoticed). To provide cloning detection for U2F devices without tamper-resistant security elements (such as software implementations), we add an authentication counter. The concept is simple: The device increments the counter during authentication, and the RP (Relying Party) checks that the counter is higher than the previous value.
Additions to the authentication process:
Attestation allows trusted parties to verify token properties, such as the token model. This is implemented through an attestation certificate, signed by the device manufacturer, which the device sends to the RP (Relying Party) during registration. Attestation does not affect the authentication procedure.
Additions to the registration process:
A U2F device must generate a new ECC key pair for each service with which it registers. During authentication, the device must use the previously generated key for that service. While this process is straightforward, it becomes more complex as additional requirements are introduced.
U2F + FIDO2
USB-A NFC