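@comment{Review notes on this entry: the proceedings title was in a non-standard field "book",
  so BibTeX/Biber saw a missing required "booktitle" for @inproceedings and dropped the venue;
  the abstract was stored in "note", which standard styles print verbatim into the bibliography,
  so it now lives in "abstract" (ignored by classic .bst files, kept by Biber/bibtex-tidy);
  the author list was an auto-export artefact listing every author twice (native script, then
  romanised) and is reduced to one romanised list, with the native-script names preserved in the
  ignored field "author-native"; month uses the predefined macro; acronyms in the title are
  brace-protected. The entry contains UTF-8 (booktitle, publisher, author-native): build with
  biblatex+Biber or an 8-bit-capable BibTeX (bibtex8/upbibtex), not classic 7-bit bibtex.}
@inproceedings{oai:ipsj.ixsq.nii.ac.jp:02008967,
  author        = {Khin, Win Myat Mon and Yamaguchi, Shuji and Gomi, Hidehito and Uehara, Tetsutaro},
  author-native = {山口, 修司 and 五味, 秀仁 and 上原, 哲太郎},
  title         = {{AD-DP}: Device-Aware Anomaly Detection for Securing {WebAuthn} Passkey Authentication},
  booktitle     = {コンピュータセキュリティシンポジウム2025論文集},
  publisher     = {情報処理学会},
  year          = {2025},
  month         = oct,
  pages         = {1470--1476},
  abstract      = {The evolution of FIDO2/WebAuthn from device-bound credentials to cloud-synced passkeys has opened new attack surfaces that traditional cryptographic checks cannot detect. In particular, attackers can exploit by using valid passkeys from unassociated or malicious devices and enabling Man-in-the-Middle (MitM) threats such as those shown in the CTAP Hijacking attack academic paper. This paper introduces AD-DP (Anomaly Detection through Device Profiling), a server-side enhancement designed to close this security gap. AD-DP framework establishes a trusted relationship between users, credentials, and devices by profiling authentication behavior over time. It enables Relying Parties(RPs) to detect anomalous device usage before completing WebAuthn flows, providing an additional layer of real-time defense without modifying the standard protocol. We present the rationale for the design, the architectural components, and an evaluation plan. Our proposal addresses a critical gap in WebAuthn authentication by enabling servers to assess the legitimacy of the authenticating device, not just the credential, within existing authentication flows.},
}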