Publications
Conference (domestic): AD-DP: Device-Aware Anomaly Detection for Securing WebAuthn Passkey Authentication
Khin Win Myat Mon (Ritsumeikan University), Shuji Yamaguchi (LY Corporation/Ritsumeikan University), Hidehito Gomi, Tetsutaro Uehara (Ritsumeikan University)
Computer Security Symposium 2025 (CSS 2025)
2025.10.30
The evolution of FIDO2/WebAuthn from device-bound credentials to cloud-synced passkeys has opened new attack surfaces that traditional cryptographic checks cannot detect. In particular, attackers can exploit this by using valid passkeys from unassociated or malicious devices, enabling Man-in-the-Middle (MitM) threats such as those shown in the CTAP Hijacking academic paper. This paper introduces AD-DP (Anomaly Detection through Device Profiling), a server-side enhancement designed to close this security gap. AD-DP establishes a trusted relationship between users, credentials, and devices by profiling authentication behavior over time. It enables Relying Parties (RPs) to detect anomalous device usage before completing WebAuthn flows, providing an additional layer of real-time defense without modifying the standard protocol. We present the rationale for the design, the architectural components, and an evaluation plan. Our proposal addresses a critical gap in WebAuthn authentication by enabling servers to assess the legitimacy of the authenticating device, not just the credential, within existing authentication flows.
Paper:
AD-DP: Device-Aware Anomaly Detection for Securing WebAuthn Passkey Authentication
(external site)