Implementation of an extended FIDO2 authenticator using Attribute-Based Signatures.

Passwords has been used as an authentication method for Web services, but it has some issues in terms of usability and security. FIDO solves these problems and is now being used as an authentication method. It consists of two elements: signature verification using public key cryptography and local authentication using an authenticator such as a user's device. It is a robust authentication method that is resistant to current mainstream attacks. When FIDO authentication is used to grant special access rights to agents other than the user, it is necessary to implement access control as a system. We propose to extend the specification of FIDO authentication to use Attribute-Based Signatures, where the access control is based on the cryptographic used for authentication. We also implement an extended FIDO authenticator for the proposed method.