Author: Sander Dijkhuis (Cleverbase)
License: Creative Commons Attribution 4.0 International
This document introduces the SCAL3 with CTAP2 scheme, a scheme to meet the SCAL3 requirements based on the FIDO Client to Authenticator Protocol version 2 (CTAP2). With this solution, subscribers can deploy a FIDO CTAP2 authenticator with PIN protection, such as a YubiKey, as a Multi-Factor Cryptographic Device.
To map terminology from the SCAL3 introduction:
- device: a CTAP2 authenticator
- subscriber: user interacting with the device using a CTAP2 client, enrolling with a local authentication mechanism such as PIN verification
- tamper-evident log: a transparency log or tlog
- central system: typically is a HSM-backed service for managing encryption and/or signing keys for the subscriber
Each tlog record is based on an authenticator assertion based on client data. This specification assumes that the authenticator signs using an ECDSA key pair that was attested to the provider during enrollment.
<number> || <timestamp> || <nonce> || <authenticator> || <signature> || <instruction>
number
: log sequence number, maintained between subscriber and provider (4 bytes, see below)timestamp
: timestamp generated by the provider (8 bytes)nonce
: random challenge number to be used once, generated by the provider (8 bytes)authenticator
: authenticator data as per CTAP2signature
: authenticator assertionecdsa(<authenticator> || sha256(<client_data>))
as per CTAP2client_data
:<key> || <timestamp> || <nonce> || <instruction>
instruction
: HSM-backed key management instruction, generated by the subscriber
The 4-byte log sequence number
is a big-endian encoded strictly increasing number starting at 0 upon enrollment of a subscriber.
Using these numbers, the subscriber and provider can verify integrity of the protected tlog.
Optionally, the numbers may be encrypted in such a way that the subscriber can share records without disclosing the amount of previously recorded instructions.
- Provider determines
key
andtimestamp
. - Provider generates
nonce
. - Provider shares
key
,timestamp
andnonce
with Subscriber in a challenge. - Subscriber determines
instruction
andclient_data
. - Subscriber creates
authenticator
andsignature
using their authenticator. - Subscriber responds to Provider with the results.
- Provider validates the input and verifies the signatures.
- Provider writes the record to the protected tlog.
After successful authentication and subsequent authorization, Provider executes instruction
and returns the result.
The usage of a log sequence number shared between the subscriber and provider is inspired by the NL Wallet Solution Architecture v1.0.3 draft by MinBZK.