A Novel Protocol Using Captive Portals for FIDO2 Network Authentication

Rivera-Dourado, Martiño; Gestal, M.; Pazos, A.; Vázquez-Naya, José

Use this link to cite:

http://hdl.handle.net/2183/36476

A Novel Protocol Using Captive Portals for FIDO2 Network Authentication

Files

RiveraDourado_Martino_2024_A_Novel_Protocol_Using_Captive_Portals_for_FIDO2_Network.pdf (19.13 MB)

Identifiers

URI: http://hdl.handle.net/2183/36476

DOI: 10.3390/app14093610

Publication date

2024

Authors

Rivera-Dourado, Martiño

Gestal, M.

Pazos, A.

Vázquez-Naya, José

Bibliographic citation

Rivera-Dourado M, Gestal M, Pazos A, Vázquez-Naya J. A Novel Protocol Using Captive Portals for FIDO2 Network Authentication. Applied Sciences. 2024; 14(9):3610. https://doi.org/10.3390/app14093610

Abstract

[Abstract]: FIDO2 authentication is starting to be applied in numerous web authentication services, aiming to replace passwords and their known vulnerabilities. However, this new authentication method has not been integrated yet with network authentication systems. In this paper, we introduce FIDO2CAP: FIDO2 Captive-portal Authentication Protocol. Our proposal describes a novel protocol for captive-portal network authentication using FIDO2 Authenticators as security keys and passkeys. For validating our proposal, we have developed a prototype of FIDO2CAP authentication in a mock scenario. Using this prototype, we performed a usability experiment with 15 real users. This work makes the first systematic approach for adapting network authentication to the new authentication paradigm relying on FIDO2 authentication.

Description

This paper is an extended version of the paper published in the international conference: 2023 JNIC Cybersecurity Conference (JNIC), Vigo, Spain, 21–23 June 2023.
The developed prototype can be found in Github, published as Open Source: https://github.com/martinord/fido2cap-server (accessed on 23 April 2024).