DebAuthn: a Relying Party Implementation as a WebAuthn Authenticator Debugging Tool

Abstract

[Abstract] Passwords as an authentication method have become vulnerable to numerous attacks. During the last few years, the FIDO Alliance and the W3C have been working on a new authentication method based on public key cryptography and hardware authenticators, which avoids attacks like phishing or password stealing. This degree thesis focuses on the development of a web application as a flexible testing and debugging environment for developers and researchers of the protocol, still under development. Moreover, the developed tool is used for testing the most relevant hardware authenticators, showcasing their main characteristics.

[Resumo] Os contrasinais como método de autentificación volvéronse vulnerables a numerosos ataques. Durante os últimos anos, a FIDO Alliance e a W3C estiveron traballando nun novo sistema de autentificación baseado en criptografía de chave pública e autentificadores hardware, o que evita ataques como phishing ou roubo de contrasinais. Este traballo de fin de grao céntrase no desenvolvemento dunha aplicación web como un entorno flexible de probas e depuración para desenvolvedores e investigadores do protocolo, aínda en desenvolvemento. Ademais, a ferramenta desenvolvida é usada para probar os autentificadores hardware máis relevantes, mostrando as súas características principais.