An implementation and analysis of FIDO U2F server
Date Issued
2016
Date
2016
Author(s)
Li, Zheng-Yu
Abstract
Many internet services grow fast in recent decades, such as e-mail, electronic payment and e-commerce. The services bring people a more convenient shopping way. However, the services also come with more security concerns. The level of the security was traditionally only decided by the complexity of a user’s password. To enhance the security, the 2-step verification was introduced. The 2-step verification is to deliver a set of the verification code to the users, and let the users to pass the code back to the server for the identity verification. The common ways for doing the 2-step verification include by SMS, by authenticator application, and by email. As all the ways listed above rely on the operation of other services, FIDO (Fast Identity Online) Alliance [1] proposed a new way called U2F (Universal Second Factor) [2] for the 2-step verification. The U2F verification was based on ECDSA (Elliptic Curve Digital Signature Algorithm) [3] and did not need a user to get the verification code from any other way. This thesis is focus on the implementation of the U2F verification from the server side and the analysis of the verification’s performance.
Subjects
2-step verification
ECDSA
Type
thesis
File(s)
Loading...
Name
ntu-105-R03943145-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):9169a06582743b950b98976e6c80d783