2026-03-09T06:48:43Z https://ipsj.ixsq.nii.ac.jp/oai

oai:ipsj.ixsq.nii.ac.jp:00213584 2025-01-19T17:06:32Z 1164:6389:10492:10740

Certificate Verification under FIDO Authentication Certificate Verification under FIDO Authentication Momoko, Shiraishi Hitoshi, Aida Momoko, Shiraishi Hitoshi, Aida As a variety of financial applications are offered, the security in the authentication of users or transactions is required. FIDO authentication is considered to be resistant to man-in-the-middle attacks in user authentication because only the signed authentication result is returned to the authentication server without sending any secret information. Accordingly, it enables authentication without passwords, which is more user-friendly and has recently been introduced into various applications. However, under the current authentication protocol, if any of the software modules comprising FIDO authentication is infected with malware and behaves improperly, it is possible to lead mis-binding attack, parallel session attack, or DoS attack. In this paper, we specify the attacking paths of which types are the mis-binding attack and the parallel session attack. Afterwards, we propose a protocol to authenticate each software module that constitutes FIDO authentication on a session-by-session basis in order to deal with these attacks. As a variety of financial applications are offered, the security in the authentication of users or transactions is required. FIDO authentication is considered to be resistant to man-in-the-middle attacks in user authentication because only the signed authentication result is returned to the authentication server without sending any secret information. Accordingly, it enables authentication without passwords, which is more user-friendly and has recently been introduced into various applications. However, under the current authentication protocol, if any of the software modules comprising FIDO authentication is infected with malware and behaves improperly, it is possible to lead mis-binding attack, parallel session attack, or DoS attack. In this paper, we specify the attacking paths of which types are the mis-binding attack and the parallel session attack. Afterwards, we propose a protocol to authenticate each software module that constitutes FIDO authentication on a session-by-session basis in order to deal with these attacks. technical report 情報処理学会 2021-11-01 application/pdf 研究報告セキュリティ心理学とトラスト（SPT） 21 2021-SPT-45 1 8 2188-8671 AA12628305 https://ipsj.ixsq.nii.ac.jp/record/213584/files/IPSJ-SPT21045021.pdf eng