mphi-rc / pi-zero-security-key

A FIDO2 USB security key implementation for the Raspberry Pi Zero
Apache License 2.0
Other nice to haves #1

Open davedoesdev opened 4 years ago

davedoesdev commented 4 years ago

Great project! Just wondering how difficult you think the following would be:

mphi-rc commented 4 years ago

Thanks for the interest!

Use of a secure element (e.g. Adafruit Infineon Trust M Breakout Board) for crypto

I think it'd be pretty practical to support this hardware. It'd introduce a few limitations though:

It would require some faith in the (closed source) Infineon implementation. With elliptic curve crypto, it's critical to use good random numbers when generating keypairs and Infineon has been caught taking shortcuts before.

Depending on the implementation of signature generation, good random numbers may also be required. At the moment, the code uses deterministic ECDSA signatures and therefore doesn't require any randomness, but I can't find documentation describing whether this secure element is implemented the same way.

It's not unexpected, but the secure element only supports the P-256 elliptic curve. Ideally we'd like to use newer crypto like Ed25519 as there are fewer implementation pitfalls and more transparent initialization constants. The current implementation prioritizes Ed25519 over P-256 and it'd be a shame to drop support.

With the Trust M there are four slots for keypairs, so they'd end up being reused across websites. At the moment a fresh keypair is generated for every website. This is a bit like reusing usernames -- ideally it should be avoided to minimize metadata leaks, but it's not insecure, per se.

I really like the idea of utilizing a secure element so I'll do a bit of research and see if I can find one without these limitations.

PIN entry on the Pi itself (using a mounted keypad)

This could be implemented quite easily. The UserVerifier interface can be used to implement any kind of additional user verification step.

As far as I understand, the implemented FIDO PIN protocol is intended to prevent a physically stolen security key being used to authenticate to websites without knowledge of the PIN. A physical keyboard would definitely mitigate the risk of a keylogger, but so too does a physical push button.

davedoesdev commented 4 years ago

Yes, I agree Ed25519 would be nice.

Re the PIN, I'm just thinking about people re-using the same PIN, such as their bank PIN - wouldn't want a keylogger capturing that.