The current FIDO authenticator landscape is dominated by closed source, smartcard-based roaming, and intransparent platform authenticator implementations. Meanwhile, the security conscious of today are more and more expecting open source security that is auditable and even modifiable, for instance to allow integration of a custom PKI infrastructure with the FIDO metadata service.
In this talk, we describe how the twenty year old legacy of smartcards and Java Card can be replaced by leveraging the qualities of a new programming language, Rust, to deliver reference implementations that can run on open microcontrollers (with security features), but also scale up to larger system-on-chip and “soft” platform authenticators.
Not only does this increase the spread, usability and trust in FIDO-based authentication. What is more, an open source approach opens the door to new developments such as threshold signatures (multi-party computation) and anonymous credentials (zero-knowledge proofs).
Time permitting, we will also touch on how we overcame the challenge that there exists not a single non-smartcard microcontroller that can be passively powered in an NFC field, to build a state of the art dual-interface FIDO authenticator based on an ARM Cortex-M33 platform.