Accountable authentication with privacy protection: The Larch system for universal login
Emma Dauterman
Video,Slides
Abstract:
Credential compromise is hard to detect and hard to mitigate. To address this problem, we present larch, an accountable authentication framework with strong security and privacy properties. Larch protects user privacy while ensuring that the larch log server correctly records every authentication. Specifically, an attacker who compromises a user’s device cannot authenticate without creating evidence in the log, and the log cannot learn which web service (relying party) the user is authenticating to. To enable fast adoption, larch is backwards-compatible with relying parties that support FIDO2, TOTP, and password-based login. Furthermore, larch does not degrade the security and privacy a user already expects: the log server cannot authenticate on behalf of a user, and larch does not allow relying parties to link a user across accounts. We implement larch for FIDO2, TOTP, and password-based login. Given a client with four cores and a log server with eight cores, an authentication with larch takes 150ms for FIDO2, 91ms for TOTP, and 74ms for passwords (excluding preprocessing, which takes 1.23s for TOTP). This talk is based on joint work with Danny Lin, Henry Corrigan-Gibbs, and David Mazières appearing at OSDI 2023.
Bio:
Emma Dauterman is a rising fifth-year Ph.D. student studying computer science at UC Berkeley where she is advised by Raluca Ada Popa and Ion Stoica. She is broadly interested in building secure systems using cryptography. Her work is supported by a Microsoft Ada Lovelace Research Fellowship and a NSF GRFP Fellowship. Emma completed her B.S. and M.S. at Stanford, where she was advised by David Mazières.