A first glance at the U2F protocolFlorian Maury,Mickaël Bergem

Usage of Second-Factor Authentication (2FA) solutions constitutes a valid answer to the threat against weak credentials, such as passwords. Yet many 2FA schemes are vulnerable to prominent web threats such as phishing attacks.

The Universal Second Factor (U2F) protocol, specified by the FIDO Alliance, offers phishing-resistant 2FA solution, optionally based on hardware secure elements. Some well-known websites already use this authentication scheme, including Google, Dropbox and Github. Unfortunately, the U2F protocol still lacks independent reviews.

This study is a first attempt at assessing the actual security brought by the U2F authentication scheme. It confirms that, protocol-wise, most of U2F security goals are achieved. Yet, we found that some of the specified security measures benefit only from an experimental implementation and that some recommendations from the U2F specifications are not yet followed.

This presentation draws a picture of the security brought by U2F and ultimately compares the protocol with some 2FA schemes: Short Message System (SMS) codes, Time-based One-Time Password (TOTP) and TLS client authentication using certificates.