CTRAPS: CTAP Client Impersonation and API Confusion on FIDO2
Abstract: The talk covers the security and privacy of FIDO2, a standard and pervasive authentication technology. We focus on CTAP, an application-layer protocol used during second-factor or single-factor authentication by a FIDO2 Authenticator and a FIDO2 Client, such as a YubiKey USB/NFC dongle and a laptop, respectively. We uncover two new attack classes on CTAP called