feat: add FIDO2 section with technical foundations and authentication challenges
This commit is contained in:
@@ -29,6 +29,37 @@
|
||||
file = {C:\Users\Dominik\Zotero\storage\PTHW773Q\Bub et al. - 2015 - Sicherheit im Wandel von Technologien und Märkten.pdf}
|
||||
}
|
||||
|
||||
@article{catalano2025,
|
||||
title = {Defeating {{FIDO2}}/{{CTAP2}}/{{WebAuthn}} Using Browser in the Middle and Reflected Cross Site Scripting},
|
||||
author = {Catalano, Christian and Chezzi, Andrea and Barletta, Vita Santa and Tommasi, Franco},
|
||||
year = {2025},
|
||||
journal = {Journal of Computer Virology and Hacking Techniques},
|
||||
volume = {21},
|
||||
number = {1},
|
||||
publisher = {{Springer Science and Business Media LLC}},
|
||||
issn = {2263-8733},
|
||||
doi = {10.1007/s11416-025-00556-2},
|
||||
urldate = {2025-07-14},
|
||||
abstract = {In our modern digital landscape, web browsers play a crucial role as gateways to large amounts of information and services. However, recent developments have demonstrated that the very features that make browsing convenient and seamless can be exploited by malicious actors through a potent threat vector known as the ``Browser-in-the-Middle'' (BitM) attack. Most of the Multi-Factor Authen- tication (MFA) security measures are shown to be ineffective to prevent BitM attacks. However, the FIDO2 Project that includes CTAP2 protocol that works together with the Web Authentication API (WebAuthn API) has been proven to be a virtually unattackable MFA method by current state-of-the-art BitM implementations. At least until now. This work expands the range of applica- ble scenarios where BitM attack can be used by taking its technical architecture a step further: we show how the effectiveness of BitM---used along a Reflected XSS vulnerability exploitation---can be improved resulting in the novel BitM + attack that proves to be capable of defeating any available MFA method including FIDO2/WebAuthn solutions that rely on hardware dongles and represent the only method of authentication that went undefeated by virtually any phishing attack approach to date.},
|
||||
copyright = {https://creativecommons.org/licenses/by/4.0},
|
||||
langid = {english},
|
||||
keywords = {Vorhanden},
|
||||
file = {C:\Users\Dominik\Zotero\storage\PGFNMK29\Catalano et al. - 2025 - Defeating FIDO2CTAP2WebAuthn using browser in the middle and reflected cross site scripting.pdf}
|
||||
}
|
||||
|
||||
@misc{deinhard2025,
|
||||
title = {{Welche modernen Authentifizierungsm{\"o}glichkeiten gibt es?}},
|
||||
author = {Deinhard, Florian},
|
||||
year = {2025},
|
||||
journal = {IT-Schulungen.com},
|
||||
urldate = {2025-07-12},
|
||||
abstract = {Moderne Authentifizierungsmethoden spielen eine zentrale Rolle in der Absicherung von IT-Infrastrukturen und Benutzerzugriffen. Durch die Entwicklung fortschrittlicher Techniken wie Multi-Faktor-Authentifizierung (MFA), biometrische Verfahren und},
|
||||
langid = {ngerman},
|
||||
file = {C:\Users\Dominik\Zotero\storage\AXP2BY7Y\welche-modernen-authentifizierungsmoeglichkeiten-gibt-es.html},
|
||||
note = {(Zugriff am 12.07.2025)},
|
||||
howpublished = {\url{https://www.it-schulungen.com/wir-ueber-uns/wissensblog/welche-modernen-authentifizierungsmoeglichkeiten-gibt-es.html}}
|
||||
}
|
||||
|
||||
@book{eichstaedt2024,
|
||||
title = {{52 Stunden Informatik: Was jeder {\"u}ber Informatik wissen sollte}},
|
||||
shorttitle = {{52 Stunden Informatik}},
|
||||
@@ -45,6 +76,16 @@
|
||||
file = {C:\Users\Dominik\Zotero\storage\E455ZNKU\Eichstädt und Spieker - 2024 - 52 Stunden Informatik Was jeder über Informatik wissen sollte.pdf}
|
||||
}
|
||||
|
||||
@misc{fido-alliance2019,
|
||||
title = {Client to {{Authenticator Protocol}} ({{CTAP}})},
|
||||
author = {{FIDO-Alliance}},
|
||||
year = {2019},
|
||||
urldate = {2025-07-14},
|
||||
file = {C:\Users\Dominik\Zotero\storage\F7L7LM6I\fido-client-to-authenticator-protocol-v2.0-ps-20190130.html},
|
||||
note = {(Zugriff am 14.07.2025)},
|
||||
howpublished = {\url{https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html}}
|
||||
}
|
||||
|
||||
@book{garbis2024,
|
||||
title = {{Zero Trust Sicherheit: Ein Leitfaden f{\"u}r Unternehmen}},
|
||||
shorttitle = {{Zero Trust Sicherheit}},
|
||||
@@ -61,6 +102,33 @@
|
||||
file = {C:\Users\Dominik\Zotero\storage\8DG9NI4S\Garbis und Chapman - 2024 - Zero Trust Sicherheit Ein Leitfaden für Unternehmen.pdf}
|
||||
}
|
||||
|
||||
@misc{gillis2024,
|
||||
title = {{Was ist Trusted Platform Module (TPM)? - Definition von Computer Weekly}},
|
||||
shorttitle = {{Was ist Trusted Platform Module (TPM)?}},
|
||||
author = {Gillis, Alexander S.},
|
||||
year = {2024},
|
||||
journal = {ComputerWeekly.de},
|
||||
urldate = {2025-07-14},
|
||||
abstract = {Ein Trusted Platform Module (TPM) ist ein spezialisierter Chip, der Hardware mit integrierten kryptografischen Schl{\"u}sseln sichert.},
|
||||
langid = {ngerman},
|
||||
file = {C:\Users\Dominik\Zotero\storage\ERHS8F2D\Trusted-Platform-Module-TPM.html},
|
||||
note = {(Zugriff am 14.07.2025)},
|
||||
howpublished = {\url{https://www.computerweekly.com/de/definition/Trusted-Platform-Module-TPM}}
|
||||
}
|
||||
|
||||
@misc{ionos2021,
|
||||
title = {{CTAP: Protokoll f{\"u}r mehr Sicherheit \& Komfort im Web}},
|
||||
shorttitle = {{CTAP}},
|
||||
author = {{IONOS}},
|
||||
year = {2021},
|
||||
journal = {IONOS Digital Guide},
|
||||
urldate = {2025-07-15},
|
||||
abstract = {Mit FIDO2, WebAuthn und CTAP k{\"o}nnten Passw{\"o}rter bald der Vergangenheit angeh{\"o}ren. Neue Standards setzen stattdessen auf Hardware-Tokens und biometrische Daten.},
|
||||
langid = {ngerman},
|
||||
note = {(Zugriff am 15.07.2025)},
|
||||
howpublished = {\url{https://www.ionos.de/digitalguide/server/sicherheit/client-to-authenticator-protocol-ctap/}}
|
||||
}
|
||||
|
||||
@book{kaufmann2023,
|
||||
title = {{Grundkurs Wirtschaftsinformatik: Eine kompakte und praxisorientierte Einf{\"u}hrung}},
|
||||
shorttitle = {{Grundkurs Wirtschaftsinformatik}},
|
||||
@@ -140,6 +208,19 @@
|
||||
file = {C:\Users\Dominik\Zotero\storage\JHXGLIBP\Pufahl et al. - 2024 - Cybersecurity für Manager Cybergefahren wirksam begegnen – das Kompetenzmodell für die Praxis.pdf}
|
||||
}
|
||||
|
||||
@misc{schwabe2021,
|
||||
title = {{Passwortlose Authentifizierung {\"u}ber FIDO2}},
|
||||
author = {Schwabe, Caroline},
|
||||
year = {2021},
|
||||
journal = {Robin Data GmbH},
|
||||
urldate = {2025-07-14},
|
||||
abstract = {Passwortlose Authentifizierung {\"u}ber FIDO2, Webauthn \& CTAP. Warum das Passwort veraltet ist und welche Sicherheits-Standard g{\"a}ngig sind!},
|
||||
langid = {ngerman},
|
||||
file = {C:\Users\Dominik\Zotero\storage\22H5YPKT\passwortlose-authentifizierung-ueber-fido2.html},
|
||||
note = {(Zugriff am 14.07.2025)},
|
||||
howpublished = {\url{https://www.robin-data.io/datenschutz-akademie/wiki/passwortlose-authentifizierung-ueber-fido2}}
|
||||
}
|
||||
|
||||
@book{trojahn2016,
|
||||
title = {{Sichere Multi-Faktor-Authentifizierung an Smartphones mithilfe des Tippverhaltens}},
|
||||
author = {Trojahn, Matthias},
|
||||
@@ -169,3 +250,16 @@
|
||||
keywords = {Vorhanden},
|
||||
file = {C:\Users\Dominik\Zotero\storage\ND6EMKH4\Tsolkas und Schmidt - 2017 - Rollen und Berechtigungskonzepte.pdf}
|
||||
}
|
||||
|
||||
@misc{vigo2024,
|
||||
title = {{Moderne Authentifizierung: {\"U}bersicht und Anwendungsf{\"a}lle}},
|
||||
shorttitle = {{Moderne Authentifizierung}},
|
||||
author = {Vigo, Jesus},
|
||||
year = {2024},
|
||||
urldate = {2025-07-13},
|
||||
abstract = {Erfahren Sie, was moderne Authentifizierung ist und wie man sie implementiert. Erfahren Sie, wie Sie mit MFA, SSO, OAuth, OpenID Connect und mehr die Sicherheit Ihrer Organisation erh{\"o}hen k{\"o}nnen.},
|
||||
langid = {ngerman},
|
||||
file = {C:\Users\Dominik\Zotero\storage\WKHPL6ZK\moderne-authentifizierung-uebersicht.html},
|
||||
note = {(Zugriff am 13.07.2025)},
|
||||
howpublished = {\url{https://www.jamf.com/de/blog/moderne-authentifizierung-uebersicht/}}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user