Does injecting my own key material into the authenticator undermine authenticator's attestation?

The argument is that, if you supply your own key material, the key manufacturer has no way to verify that the key material is sufficiently random, not stored elsewhere, etc. Imagine if you are the victim of a sophisticated targeted attack, and you generate the key material on a computer that has malware on it which exfiltrates it to the attacker. Or perhaps a supply chain attack, Alice sets the key material then hands the authenticator to Eve to deliver it to Bob, but by the time Bob receives it Eve has changed the key material to a value she knows. This would be fixed by Bob setting his own key material, but then Alice has to trust Bob to do that correctly.

It sounds like Yubico wants to be able to say "if an attestation is verified up to our root cert, we guarantee that the associated keypair comes from a Yubikey, and the key material used to create the keypair was generated securely by us and is stored only on the authenticator." If they allowed you to set your own key material they would no longer be able to make that guarantee.

Now this doesn't really matter for public websites, and most (or all) public websites that allow U2F or WebAuthn for 2nd factor don't bother checking attestation at all. But for something like a high security intranet, there could be value in auditing a small number of authenticator manufacturers and using attestation to only allow authenticators from those manufacturers. In that scenario not being able to modify the key material could be seen as an advantage.

Also, it looks a bit ironic since these days financial institutions tend to trust SMS and not U2F, even though SMS is anything but secure.

I imagine he's talking about employees of a financial institution rather than clients.

Tags:

Fido

U2F

Fido2