Post-quantum cryptography: How login procedures remain secure
Eliminating passwords from Internet login processes has been a hot topic in IT security research for many years, because passwords themselves introduce a wide range of security problems. Around two years ago, the FIDO Alliance, in which Internet giants such as Google, Microsoft, Facebook, and Amazon have joined forces, announced together with the World Wide Web Consortium (W3C) that it would introduce a secure, password-free alternative with FIDO2 (Fast Identity Online 2). However, users can still log in to only a few online services with a security key plus a second factor such as a fingerprint, PIN, or USB stick instead of the customary password alone. It will be some time before the password-less solution finally becomes established. That time will also be spent developing quantum computers, which could make today's encryption methods insecure in one fell swoop. CISPA researcher Dr. Jacqueline Brendel is currently investigating how the FIDO2 login procedure can be made post-quantum secure and has received a Microsoft Identity Project Grant of more than 60,000 euros for her work.
The security of Internet communication rests primarily on public-key cryptography, which has existed since the 1970s and in which sender and receiver use different keys. These so-called asymmetric encryption methods are essentially based on two mathematical problems that cannot be solved efficiently even by supercomputers and are therefore currently considered secure. Quantum computers, on the other hand, would be quite capable of breaking the encryption that relies on these problems, Brendel explains. As soon as they are powerful enough and available for use (researchers expect this within the next 14 to 30 years), almost all of our data will become insecure at once, from bank PINs to logins for social media accounts. To prevent this, IT researchers worldwide have been working for years to develop post-quantum secure systems, and the U.S. National Institute of Standards and Technology (NIST) has already begun standardizing post-quantum-safe algorithms.
To guarantee security not only for individual devices and systems but at scale, researchers need to look at the existing protocols that govern communication on the Internet. These specify not just who sends what to whom and when, and how that data is transported, but also how it remains secure along the way. Some important Internet protocols, such as TLS (Transport Layer Security), which secures connections when visiting websites, have already been examined for their post-quantum security, and many researchers are already working on adapting them accordingly, explains Brendel. The security of identity service protocols and login processes, by contrast, has so far received little attention. Funded by Microsoft, the researcher has been working as project leader since February, together with PhD candidate Mang Zhao, on adapting the protocol of the FIDO2 login process so that it becomes provably post-quantum secure while remaining efficient. In addition, for the transition to the post-quantum era to go smoothly, the solution must continue to meet today's security standards alongside the new ones, i.e., it must combine conventional and post-quantum cryptography in a hybrid design.
FIDO2 authenticates with the so-called challenge-response technique. The web server sends a randomly chosen bit string (the challenge) to the user's browser. The browser forwards it to the device, where it is signed with a secret key. The signature goes back to the server, which uses the matching public key (the second half of the key pair) to verify the signature and thus the person's identity. "We only look at the components of the FIDO2 protocol that are responsible for security," Brendel explains. First, she says, it is important to find out what security requirements the protocol should fulfill. The second important question, she says, is: Who are the attackers, and what are they capable of? "Then we build a security model. In it, we formalize the assumptions and prove in a mathematical way that the protocol meets the security properties."
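As an added illustration of the challenge-response exchange described above, and not code from the article or from the CISPA project, here is a minimal model in Go of the roles involved. The names (RelyingParty, Authenticator, Login) and the choice of Ed25519 from Go's standard library are assumptions of this example; Ed25519 is a classical, not a post-quantum, signature scheme, so this shows the pre-quantum baseline the project starts from rather than the hybrid construction it aims at. Real WebAuthn also signs authenticator data and a hash of the client data (which binds the origin) rather than the bare challenge. The example keeps the part a server operator most needs to get right: the challenge is random, is accepted only if this server issued it, and is consumed on first use, so a captured response cannot be replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// RelyingParty models the web server: it issues random challenges and verifies
// responses against the public key registered for each credential.
type RelyingParty struct {
	pending     map[string]bool              // challenges issued but not yet answered (hex-encoded)
	credentials map[string]ed25519.PublicKey // credential ID -> public key registered at enrolment
}

func NewRelyingParty() *RelyingParty {
	return &RelyingParty{
		pending:     make(map[string]bool),
		credentials: make(map[string]ed25519.PublicKey),
	}
}

// Register stores the public key presented when the credential is enrolled.
func (rp *RelyingParty) Register(credID string, pub ed25519.PublicKey) {
	rp.credentials[credID] = pub
}

// NewChallenge draws a fresh 32-byte random challenge and records it as pending,
// so that only challenges this server actually issued are accepted later.
func (rp *RelyingParty) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.pending[hex.EncodeToString(c)] = true
	return c, nil
}

// Verify accepts a response only if the challenge was issued here, has not been
// used before, and the signature verifies under the credential's public key.
// The challenge is consumed before verification, so a replayed response fails.
func (rp *RelyingParty) Verify(credID string, challenge, sig []byte) error {
	key := hex.EncodeToString(challenge)
	if !rp.pending[key] {
		return errors.New("challenge unknown or already used")
	}
	delete(rp.pending, key) // single use
	pub, ok := rp.credentials[credID]
	if !ok {
		return errors.New("unknown credential")
	}
	if !ed25519.Verify(pub, challenge, sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// Authenticator models the user's device: it holds the secret key and signs
// whatever challenge the browser forwards to it.
type Authenticator struct {
	priv ed25519.PrivateKey
}

func NewAuthenticator() (*Authenticator, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{priv: priv}, nil
}

func (a *Authenticator) PublicKey() ed25519.PublicKey {
	return a.priv.Public().(ed25519.PublicKey)
}

func (a *Authenticator) Sign(challenge []byte) []byte {
	return ed25519.Sign(a.priv, challenge)
}

// Login runs one complete exchange: challenge out, signature back, verification.
func Login(rp *RelyingParty, credID string, a *Authenticator) error {
	challenge, err := rp.NewChallenge()
	if err != nil {
		return err
	}
	return rp.Verify(credID, challenge, a.Sign(challenge))
}

func main() {
	rp := NewRelyingParty()
	auth, err := NewAuthenticator()
	if err != nil {
		panic(err)
	}
	rp.Register("cred-1", auth.PublicKey()) // enrolment happens once
	fmt.Println("login:", Login(rp, "cred-1", auth))
}
```

The important design choice is in Verify: the server checks that it issued the challenge and deletes it before looking at the signature, so presenting the same signed response twice, or signing a challenge the attacker chose, is rejected regardless of how good the signature is. A post-quantum or hybrid variant would change only the key type and the Sign/Verify calls; the challenge bookkeeping stays the same.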
The project will run until the end of October, which is not enough time to implement a possible security concept. "But that's not a bad thing. For now, it's just a matter of providing an initial starting point for how things could continue in the field," explains Brendel, who has been a postdoc at CISPA in the group of Prof. Dr. Cas Cremers since January 2020. Her research topics are the cryptographic analysis of protocols, post-quantum security, and key exchange methods.