FIDO: Cryptographic Binding Should Not be Optional

Enis Golaszewski
Department of CSEE, UMBC

Friday, September 24, 2021
remotely via WebEx:

Recording of Talk.


We present a case study of the FIDO Universal Authentication Framework (UAF) authentication protocol, illustrating how cryptographic binding mitigates man-in-the-middle and protocol-interaction attacks. The FIDO protocol cryptographically binds protocol data to an underlying authenticated communication channel using an optional channel-binding mechanism. We carry out formal-methods analysis using the Cryptographic Protocol Shapes Analyzer (CPSA) on two versions of the protocol: with and without channel-binding. Our analysis confirms that channel-binding prevents instances of the FIDO authentication protocol from interacting with each other, mitigating a potential man-in-the-middle attack.

We assert that cryptographic binding is crucial for mitigating protocol-interaction, which is the basis for many structural attacks on protocols. A protocol that fails to bind data to a specific communication context enables an adversary to manipulate messages between instances of itself and with separate protocols. To build protocols that resist protocol interaction, protocol designers must implement and mandate mechanisms that bind contextual protocol elements (identities, tokens, secrets) to the communication context in which they appear. Making channel binding optional creates a serious potential vulnerability in FIDO UAF.

About the Speaker:

Enis Golaszewski is a PhD student and former SFS scholar in computer science working with Dr. Sherman on formal-methods analysis of PAKE protocols.
He can be reached


Alan T. Sherman,

Upcoming CDL Meetings:

Oct 8, Josiah Dykstra, Action bias
Oct 22, TBA
Nov 5, David Chaum and Bart Preneel, VoteXX
Nov 19, Michael Oehler, What the FLoC?
Dec 3, TBA

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.

The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public.