Universal 2nd Factor (U2F) protocol
The user has a U2F device.
The device creates a unique key pair per service. URL based.
The service registers the public key on the user account.
Different services get different keys.
No user tracking.
The service requests a user's device signature for their authentication.
Interface with a U2F device.
JavaScript API (within browsers).
Native OS APIs
U2F Devices
USB devices, with a distinctive, recognizable HID interface
NFC devices
Bluetooth LE devices
Software applications, possibly backed up by hardware security devices.
Devices must have a "test of user presence".
To prevent accessible devices from being used without user content.
Devices cannot respond without such consent.
Consent usually involves touching a button (may involve fingerprint or pin code).
U2F Protocols
Upper layer:
Core cryptographic protocol.
Defines the semantics and contents of the data items exchanged and produced.
Defines the cryptographic operations involved in the processing of those data items.
Lower layer:
Host-device transport protocol.
CTAP (Client To Authenticator Protocol).
Upper layer
User Registration
The U2F device is asked to generate a service-specific key pair. Service is identified with a hash of the service identity.
protocol, hostname, port.
The U2F device generates a key pair. And returns a Key Handle and the public key. These elements are provided to the service. The Key Handle encodes the service identity.
User Authentication
The device checks if the service identity hash is valid for the Key Handle. On success looks up the corresponding private key and uses it to sign the hashed client data.
The signature is returned to the caller, who forwards it to the service for validation, together with the client data.
The service validates the client data, and if valid, validates its signature with the user’s public key.
Certification of U2F devices
Service providers need to be sure about the quality of U2F devices, they need a certification.
U2F have an attestation key pair, with a public key certificate issued by the manufacturer, and manufacturers need to be FIFO certified.
Public keys produced by the device are signed with the attestation private key, to prove they were produced by a certified device.
Anonymity of attestation key pairs
U2F devices cannot have unique attestation key pairs. They would not be anonymous any more. Different services could track a user by their attestation public key.
Attestation key pairs are shared by batches of attestation key pairs, and thus, users' U2F devices cannot be tracked.
Uncertified U2F devices
They can exist and still be used, it all depends on the service.
In this case, services have to have their trust chain for those devices.
FIDO2 and U2F
FIDO2 is backwards compatible with U2F devices.
U2F JS / MessagePort API
JavaScript interface used by services Web pages to interact with U2F devices.
Using a MessagePort API.
Last updated