Nick Frymann, Daniel Gardham (University of Surrey), Franziskus Kiefer (Wire Swiss GmbH), Emil Lundberg (Yubico AB), Mark Manulis (University of Surrey), Dain Nilsson (Yubico AB) (2020) Asynchronous Remote Key Generation: An Analysis of Yubico's Proposal for W3C WebAuthn
WebAuthn, forming part of FIDO2, is a W3C standard for strong authentication, which employs digital signatures to authenticate web users whilst preserving their privacy. Owned by users, WebAuthn authenticators generate attested and unlinkable public-key credentials for each web service to authenticate users. Since the loss of an authenticator prevents users from accessing web services, usable recovery solutions preserving the original WebAuthn design choices and security objectives are urgently needed. We examine Yubico's recent proposal for recovering from the loss of a WebAuthn authenticator by using a secondary backup authenticator. We analyse the cryptographic core of their proposal by modelling a new primitive, called Asynchronous Remote Key Generation (ARKG), which allows some primary authenticator to generate unlinkable public keys for which the backup authenticator may later recover the corresponding private keys. Both processes occur asynchronously without the need for authenticators to export or share secrets, adhering to WebAuthn's attestation requirements. We prove that Yubico's proposal achieves our ARKG security properties under the discrete logarithm and PRF-ODH assumptions in the random oracle model. To prove that recovered private keys can be used securely by other cryptographic schemes, such as digital signatures or encryption schemes, we model compositional security of ARKG using composable games by Brzuska et al. (ACM CCS 2011), extended to the case of arbitrary public-key protocols. As well as being more general, our results show that private keys generated by ARKG may be used securely to produce unforgeable signatures for challenge-response protocols, as used in WebAuthn. We conclude our analysis by discussing concrete instantiations behind Yubico's ARKG protocol, its integration with the WebAuthn standard, performance, and usability aspects.
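The following walkthrough is an added example, not code from the paper or from Yubico. It follows the discrete-logarithm-based ARKG construction as described in the abstract (a backup key pair, a primary authenticator deriving unlinkable public keys from the backup's public key alone, and the backup recovering the private keys later) but makes simplifying assumptions: a small safe-prime group and Schnorr signatures stand in for the elliptic-curve group and signature scheme used in practice, the KDF and MAC are plain HMAC-SHA256, and the function names, the `aux` label and the sample challenge are constructed for the example. The KDF applied to the Diffie-Hellman shared secret is the step whose security rests on the PRF-ODH assumption mentioned in the abstract, and the MAC tag lets the backup authenticator reject credentials that were not produced from its own public key.

```python
import hashlib
import hmac
import secrets


# ---- Toy prime-order group (assumption: stands in for the EC group of the real proposal) ----

def is_probable_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for n below 3.3e24 (bases 2..41)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def setup_group(bits: int = 64):
    """Return (p, q, g): safe prime p = 2q + 1 and g = 4, a generator of the order-q subgroup."""
    q = (1 << bits) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


def _enc(x: int, p: int) -> bytes:
    return x.to_bytes((p.bit_length() + 7) // 8, "big")


def _kdf(shared: int, aux: bytes, p: int, q: int):
    """Derive the credential scalar ck and MAC key mk from the DH shared secret (HMAC stands in for HKDF)."""
    prk = hashlib.sha256(_enc(shared, p)).digest()
    ck = int.from_bytes(hmac.new(prk, b"ck" + aux, "sha256").digest(), "big") % q
    mk = hmac.new(prk, b"mk" + aux, "sha256").digest()
    return ck, mk


# ---- ARKG: backup key generation, public-key derivation, private-key recovery ----

def keygen(grp):
    """Backup authenticator: long-term key pair (s, S = g^s); S is what gets attested at registration."""
    p, q, g = grp
    s = secrets.randbelow(q - 1) + 1
    return s, pow(g, s, p)


def derive_pk(grp, S: int, aux: bytes):
    """Primary authenticator: derive a fresh public key P = g^(s + ck) knowing only S, plus a credential."""
    p, q, g = grp
    e = secrets.randbelow(q - 1) + 1
    E = pow(g, e, p)                                   # ephemeral DH share handed to the backup later
    ck, mk = _kdf(pow(S, e, p), aux, p, q)             # shared secret S^e = g^(s*e)
    P = S * pow(g, ck, p) % p
    tag = hmac.new(mk, _enc(E, p) + aux, "sha256").digest()
    return P, (E, tag)


def derive_sk(grp, s: int, cred, aux: bytes) -> int:
    """Backup authenticator: recompute ck from E^s = g^(s*e), check the tag, return sk = s + ck."""
    p, q, g = grp
    E, tag = cred
    ck, mk = _kdf(pow(E, s, p), aux, p, q)
    expected = hmac.new(mk, _enc(E, p) + aux, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("credential integrity check failed")
    return (s + ck) % q


# ---- Schnorr signature: the challenge-response use of a recovered key (assumption: stands in for ECDSA) ----

def _challenge(R: int, P: int, msg: bytes, p: int, q: int) -> int:
    return int.from_bytes(hashlib.sha256(_enc(R, p) + _enc(P, p) + msg).digest(), "big") % q


def schnorr_sign(grp, sk: int, P: int, msg: bytes):
    p, q, g = grp
    k = secrets.randbelow(q - 1) + 1
    R = pow(g, k, p)
    return R, (k + _challenge(R, P, msg, p, q) * sk) % q


def schnorr_verify(grp, P: int, msg: bytes, sig) -> bool:
    p, q, g = grp
    R, z = sig
    return pow(g, z, p) == R * pow(P, _challenge(R, P, msg, p, q), p) % p


def demo() -> dict:
    """End-to-end run: registration, two unlinkable derived keys, recovery, signing, tamper detection."""
    grp = setup_group()
    p, q, g = grp
    s, S = keygen(grp)
    aux = b"example.com"                               # constructed label binding the key to a relying party
    P1, cred1 = derive_pk(grp, S, aux)                 # primary works offline; backup is not involved
    P2, cred2 = derive_pk(grp, S, aux)
    sk1 = derive_sk(grp, s, cred1, aux)                # backup recovers the key when the primary is lost
    challenge = b"server-nonce-0001"                   # constructed relying-party challenge
    sig = schnorr_sign(grp, sk1, P1, challenge)
    E, tag = cred1
    try:
        derive_sk(grp, s, (E, bytes([tag[0] ^ 1]) + tag[1:]), aux)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "recovered_matches": pow(g, sk1, p) == P1,
        "unlinkable_keys_differ": P1 != P2,
        "signature_verifies": schnorr_verify(grp, P1, challenge, sig),
        "wrong_key_rejected": not schnorr_verify(grp, P2, challenge, sig),
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    print(demo())
```

The relying party only ever stores P1 and P2; nothing in the two credentials links them to S or to each other without the backup's private key s, which is the unlinkability property the abstract refers to. The 64-bit group here is for readability only and offers no real security.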
Nick Frymann, Mark Manulis (University of Surrey) (2019) Securing Fleets of Consumer Drones at Low Cost
In recent years, the use and suitability of drones for many applications, including surveillance, search and rescue, research, agriculture and civil engineering, have greatly increased due to their improved affordability and functionality. However, low-cost consumer drones are rarely designed to work in fleets, which limits the applications for which businesses, researchers and individuals may deploy such drones. Proprietary, commercial and bespoke options are available at higher cost, and existing solutions providing fleet functionality have limited security, if any, which excludes their use for sensitive applications. In this paper, we discuss the repurposing of consumer off-the-shelf (COTS) drones for use in secured fleets and provide the design, implementation and evaluation of a complete approach for creating end-to-end secured fleets of consumer drones (SFCD). We present a protocol for securing communications within fleets whilst employing more efficient symmetric-key cryptography throughout to reduce the impact of our security on the limited and resource-constrained COTS drones, exploiting the characteristics of a fleet with an online and central ground control station, which may act as a key distribution centre. The protocol allows an arbitrary number of channels to be established to authenticate and optionally encrypt real-time data transmitted on these channels. We also discuss routing in fleets, as well as the control and monitoring of them, to allow SFCD to be fully deployed, providing an extensive and thorough solution. Our experimental evaluation confirms the suitability of low-cost consumer drones for use in SFCD, with flight time impacted by only 9.9% and a worst-case bandwidth of 4.7 Mibit/s.