[webauthn] DPK attestation may create possible side channel attack on the batch key. (#1701)

ve7jtb has just created a new issue for https://github.com/w3c/webauthn:

== DPK attestation may create possible side channel attack on the batch key. ==
For a normal attestation during make credential the batch key is always signing over a new public key, preventing an attacker from controlling the output.

In the DPK case the public key for a given credentialID is a fixed value. This allows an attacker to repeatedly request a signature with the batch key over the same value.

This may open a hardware authenticator up to a side channel attack on the batch key.

Some algorithms used in smart card environments like RSA and deterministic ECDSA might be vulnerable to this.

Non deterministic ECDSA likely would not be susceptible.

By not including an authenticator generated nonce in the output to be signed we are counting on the underlying crypto to be resistant.

We can:
1) make an authenticator generated nonce required.
2) make an authenticator generated nonce optional.
3) add sufficient security warnings for authenticators to use non deterministic algs, though that may turn out to be limiting at some point in the future.
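Added illustration of why the fixed DPK payload matters for deterministic ECDSA (example code, not from the issue author or the WebAuthn spec): it implements the RFC 6979 nonce derivation for P-256 and shows that without an authenticator-generated nonce the batch key recomputes the identical secret k on every DPK attestation, while a nonce in the signed data makes k vary. The payload layout in `dpk_signing_input` is a constructed stand-in, not the spec's attestation encoding.

```python
import hashlib
import hmac
import os

# Order of the NIST P-256 group (256-bit q), the curve behind WebAuthn's ES256.
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
QLEN_BYTES = 32


def rfc6979_nonce(private_scalar: int, message: bytes) -> int:
    """RFC 6979 section 3.2 (HMAC-SHA256): derive the per-signature secret k.
    Same private key and same message always yields the same k."""
    h1 = hashlib.sha256(message).digest()
    x = private_scalar.to_bytes(QLEN_BYTES, "big")
    # bits2octets(h1): reduce the hash mod q, then encode as fixed-width octets.
    h1_oct = (int.from_bytes(h1, "big") % P256_ORDER).to_bytes(QLEN_BYTES, "big")
    v, k = b"\x01" * 32, b"\x00" * 32
    k = hmac.new(k, v + b"\x00" + x + h1_oct, hashlib.sha256).digest()
    v = hmac.new(k, v, hashlib.sha256).digest()
    k = hmac.new(k, v + b"\x01" + x + h1_oct, hashlib.sha256).digest()
    v = hmac.new(k, v, hashlib.sha256).digest()
    while True:
        t = b""
        while len(t) < QLEN_BYTES:
            v = hmac.new(k, v, hashlib.sha256).digest()
            t += v
        candidate = int.from_bytes(t[:QLEN_BYTES], "big")
        if 1 <= candidate < P256_ORDER:
            return candidate
        k = hmac.new(k, v + b"\x00", hashlib.sha256).digest()
        v = hmac.new(k, v, hashlib.sha256).digest()


def dpk_signing_input(credential_id: bytes, dpk_pub: bytes, nonce: bytes = b"") -> bytes:
    """Constructed stand-in for the DPK attestation payload: the fixed credentialId
    and the credential's fixed DPK public key, optionally followed by an
    authenticator-generated nonce (options 1/2 above). Not the spec's encoding."""
    return credential_id + dpk_pub + nonce


def k_repeats_without_nonce(batch_key: int, cred_id: bytes, dpk_pub: bytes) -> bool:
    """Two DPK attestations for the same credential with a fixed payload: RFC 6979
    returns the identical k, so the batch key's scalar multiplication repeats
    exactly, which is the repeatable-measurement condition the issue raises."""
    k1 = rfc6979_nonce(batch_key, dpk_signing_input(cred_id, dpk_pub))
    k2 = rfc6979_nonce(batch_key, dpk_signing_input(cred_id, dpk_pub))
    return k1 == k2


def k_varies_with_nonce(batch_key: int, cred_id: bytes, dpk_pub: bytes) -> bool:
    """Same requests with a fresh authenticator nonce in the signed data:
    k changes per signature even though the signing algorithm is deterministic."""
    k1 = rfc6979_nonce(batch_key, dpk_signing_input(cred_id, dpk_pub, os.urandom(16)))
    k2 = rfc6979_nonce(batch_key, dpk_signing_input(cred_id, dpk_pub, os.urandom(16)))
    return k1 != k2
```

The first assertion in a check against the RFC 6979 A.2.5 P-256/SHA-256 vector for message "sample" confirms the derivation is faithful before the two property checks are trusted.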
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1701 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 23 February 2022 19:59:28 UTC