FIDO U2F Authenticator

A FIDO U2F (Fast IDentity Online, Universal 2nd Factor) Authenticator is a hardware device that provides an additional layer of security during the authentication process, commonly used to implement two-factor authentication (2FA). It usually takes the form of a USB dongle, but it can also come in other formats like NFC (Near Field Communication) or Bluetooth devices. When a user attempts to log in to a service that supports U2F, the service prompts the user to activate their U2F authenticator, usually by inserting it into a USB port and pressing a button on the device.

Purpose of U2F Attestation Statement

The U2F Attestation Statement serves as a secure method for confirming the legitimacy of FIDO U2F authenticators, which are hardware devices that provide an additional layer of security for online accounts. This statement helps websites and online services trust that the authenticator is valid and that the security features are intact.

Key Components

Attestation Statement Format Identifier

  • Identifier: fido-u2f

Supported Attestation Types

  • Types: Basic, AttCA

Syntax

The syntax for a FIDO U2F attestation statement is formally defined as follows:

$$attStmtType //= (
                      fmt: "fido-u2f",
                      attStmt: u2fStmtFormat
                  )

u2fStmtFormat = {
                    x5c: [ attestnCert: bytes ],
                    sig: bytes
                }

Field Definitions

fmt

  • Type: String

  • Description: The attestation format identifier, set to "fido-u2f".

attStmt

  • Type: Object (u2fStmtFormat)

  • Description: The actual attestation statement, structured according to u2fStmtFormat.

x5c

  • Type: Array with a single element, a byte string

  • Description: Contains the attestation certificate in X.509 format. This certificate is used to verify the origin and characteristics of the authenticator device.

sig

  • Type: Bytes

  • Description: This is the attestation signature. It is calculated over the raw U2F registration response message received by the client from the authenticator. This serves as cryptographic proof that the attestation certificate and the public key belong together and originate from the authenticator.

U2F Attestation Statement Verification

  1. Format and Syntax Check: Verify that the Attestation Statement (attStmt) follows the correct format (CBOR syntax) and decode it to extract key fields.

  2. Public Key Verification: Confirm that the attestation certificate in the x5c field carries an Elliptic Curve (EC) public key over the P-256 curve. This step assures the device's legitimacy.

  3. Data Extraction and Conversion: Retrieve essential data (rpIdHash, credentialId, credentialPublicKey) from authenticatorData and convert the public key to a standard format.

  4. Coordinate Validation: Check the size of the x and y coordinates in credentialPublicKey to confirm they are each 32 bytes.

  5. Signature Check and Attestation: Create a combined data string (verificationData) and validate the device's digital signature (sig). Optionally, identify the attestation type (Basic or AttCA) based on external information.
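Steps 2 to 5 above, as an added Node.js example (not code from the Automata libraries). It assumes the attestation object has already been CBOR-decoded and x5c[0] parsed into a public KeyObject (attKey); the function names, return codes and sample values are hypothetical, and the verificationData layout follows the WebAuthn fido-u2f format.

```javascript
const crypto = require('node:crypto');
// Tiny decoder for a COSE EC2 key map: small-int keys, small-int or byte-string values.
function decodeCoseEc2(buf) {
  if (buf[0] >> 5 !== 5) throw new Error('COSE key is not a CBOR map');
  const out = new Map();
  let p = 1;
  const int = () => {
    const b = buf[p++];
    if (b >> 5 > 1 || (b & 31) > 23) throw new Error('unsupported CBOR item');
    return b >> 5 ? -1 - (b & 31) : b & 31;
  };
  for (let n = buf[0] & 31; n > 0; n--) {
    const key = int();
    if (buf[p] >> 5 !== 2) { out.set(key, int()); continue; }
    let len = buf[p++] & 31;               // byte string: short form or 1-byte length
    if (len === 24) len = buf[p++];
    out.set(key, buf.subarray(p, p + len));
    p += len;
  }
  return out;
}

// Steps 2-5 of the procedure; x5c[0] is assumed already parsed into the KeyObject attKey.
function verifyU2fAttestation({ authData, clientDataHash, sig, attKey }) {
  // Step 2: only EC keys report namedCurve, and it must be P-256 (prime256v1).
  if (attKey.asymmetricKeyDetails?.namedCurve !== 'prime256v1') return 'bad-attestation-key';
  // Step 3: rpIdHash(32) | flags(1) | signCount(4) | aaguid(16) | idLen(2) | credentialId | COSE key
  const rpIdHash = authData.subarray(0, 32), idEnd = 55 + authData.readUInt16BE(53);
  const credentialId = authData.subarray(55, idEnd);
  const cose = decodeCoseEc2(authData.subarray(idEnd));
  const x = cose.get(-2), y = cose.get(-3);
  // Step 4: both coordinates must be byte strings of exactly 32 bytes.
  if (!Buffer.isBuffer(x) || !Buffer.isBuffer(y) || x.length !== 32 || y.length !== 32) return 'bad-coordinates';
  // Step 5: verificationData = 0x00 | rpIdHash | clientDataHash | credentialId | 0x04 | x | y
  const data = Buffer.concat([Buffer.from([0]), rpIdHash, clientDataHash, credentialId, Buffer.from([4]), x, y]);
  return crypto.verify('sha256', data, attKey, sig) ? 'ok' : 'bad-signature';
}

// Constructed sample (not from a real authenticator): throwaway attestation key, filler coordinates.
function buildSample(coordLen = 32) {
  const att = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const x = Buffer.alloc(coordLen, 0x11), y = Buffer.alloc(coordLen, 0x22), credId = Buffer.alloc(16, 0xc1);
  const cose = Buffer.concat([Buffer.from([0xa5, 1, 2, 3, 0x26, 0x20, 1, 0x21, 0x58, coordLen]), x, Buffer.from([0x22, 0x58, coordLen]), y]);
  const rpIdHash = crypto.createHash('sha256').update('example.org').digest();
  const clientDataHash = crypto.createHash('sha256').update('{"type":"webauthn.create"}').digest();
  const authData = Buffer.concat([rpIdHash, Buffer.from([0x41, 0, 0, 0, 0]), Buffer.alloc(16), Buffer.from([0, 16]), credId, cose]);
  const sig = crypto.sign('sha256', Buffer.concat([Buffer.from([0]), rpIdHash, clientDataHash, credId, Buffer.from([4]), x, y]), att.privateKey);
  return { authData, clientDataHash, sig, attKey: att.publicKey };
}
```

Malformed authenticatorData or an unsupported CBOR item raises an exception, so the check fails closed; a result of 'ok' says only that the signature matches the supplied key, and deciding between Basic and AttCA still depends on external trust information about the certificate.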
