Security Deep Dive: Hardware-Bound Versus Software-Bound Passkey
Passkeys are seeing rapid adoption. However, where passkeys are generated and stored has an impact on security.
Today, we’re breaking down the security differences between hardware-bound and software-bound passkeys.
Note: given the current ubiquity of passwords, we’ve included them in the comparison to further highlight the security guarantees of hardware and software-bound passkeys.
If you’re familiar with passkeys, then skip ahead to the comparisons. If not, here’s a quick overview.
- What is a passkey?
- What is a hardware-bound passkey?
- What is a software-bound passkey?
- What are the security differences?
- Conclusion
What is a passkey?
Passkeys are digital keys. Specifically, they are a type of authentication credential that uses public-private key cryptography.
On registration, a public-private key pair is created where the public key is sent to the application’s server. The private key is generated and stored in dedicated hardware or the user’s filesystem. When the user signs in, the website or app generates a challenge, which is signed with the passkey's private key. The device verifies the challenge, and if it is valid, the user is signed in.
For more information about passkeys, check out our previous blog on passkeys.
What is a hardware-bound passkey?
A hardware-bound passkey is a type of passkey where the private key is generated and stored in dedicated hardware called Trusted Execution Environments (TEE) and never exposed to software. The processing of the authentication protocol is also performed by the hardware, keeping the private key protected from attackers. Examples of dedicated hardware include trusted computing modules (TPM) and secure enclaves (Apple’s implementation of TEE), or physical security keys.
The only remote attack possible would be on the use of the key by the attacker. While this can be performed remotely (by using software to activate the hardware and use the private key), this is a one-time attack and requires the user to be logged in. The attacker cannot authenticate as the user from an arbitrary time or location.
Compromising a hardware component involves a local, and usually destructive, attack by the bad actor. For local attacks, many hardware devices provide rate-limiting techniques to prevent dictionary attacks that may be attempted by local or remote attackers. As this is enforced by hardware, the defense is as protected as the key itself.
Summary:
- Private key is associated with the user’s device which is considered a “what you have” possession factor.
- Private key is generated, stored, and protected by hardware. It is not exposed to software, users, or high privileged operating systems.
- Typically requires local device biometric or PIN at time of authentication.
- Attacks require physical access to the device.
- An attacker can only gain access to the use of a user’s private key. If the attacker is able to do that, they can still only authenticate as the user once using attack software and only when the user is already logged in.
What is a software-bound passkey?
A software-bound passkey is a type of passkey where the private key is generated by the software and stored on the user’s filesystem. It is often protected by some form of encryption or obfuscation using the user’s operating system (OS) login, such as a local device PIN. The protection of the private key is as strong as the protection afforded by the user’s operating system login.
The software may be a separate application or may be one provided by the web browser. Web Cryptography (WebCrypto), a W3C approved standard, is an example of a web browser feature that enables software-bound passkey creation and usage.
Note: For this discussion, syncable passkeys, or passkeys that can be used across any device connected to a user’s cloud service account, for example Apple’s iCloud and Google Cloud, are software-bound passkeys. This is because most TEEs do not allow the export of the private key, which is what syncable passkeys require—this means the private key is exposed to software at some point.
An attacker may gain access to the private key in two ways:
- Stolen computer
- The attacker has access to the disk image and can perform an offline attack.
- This may be mitigated if the OS provides disk encryption. However, the disk encryption is often protected by a user’s OS login.
- Software attack
- The user may be infected with malicious software that has the ability to gain access to the private key.
- While the OS may provide protections from this, an OS compromise may expose the private key.
Summary:
- Private key is associated with the user’s device which is considered a “what you have” possession factor.
- Private key is generated, stored, and protected by software. It is not exposed to users.
- While a stolen computer is a physical attack, software attack is remote.
- An attacker who gains the user’s private key can authenticate as the user anywhere and anytime
<style>
.table_component {
overflow: auto;
width: 100%;
}
.table_component table {
border: 1px solid #19191a;
height: 100%;
width: 100%;
table-layout: fixed;
border-collapse: collapse;
border-spacing: 1px;
text-align: left;
}
.table_component caption {
caption-side: top;
text-align: left;
}
.table_component th {
border: 1px solid #19191a;
background-color: #ffffff;
color: #0a0a0a;
padding: 5px;
}
.table_component td {
border: 1px solid #19191a;
background-color: #ffffff;
color: #050505;
padding: 5px;
}
</style>
<div class="table_component" role="region" tabindex="0">
<table>
<caption>Table 1</caption>
<thead>
<tr>
<th>Type</th>
<th>Vulnerable to</th>
<th>Level of Protection</th>
<th>Risk if Breached</th>
</tr>
</thead>
<tbody>
<tr>
<td>Password</td>
<td><u>Credential stuffing<br></u>
<p><u><br></u></p><u>Database breach<br></u>
<p><u><br></u></p><u>Phishing<br></u>
<p><u><br></u></p><u>Social engineering<br></u>
<p><u><br></u></p><u>Attacker in the middle</u><br><br>
</td>
<td>Extremely Low<br><br><br><br>
<p>Passwords are user's accessible secrets which can be shared with other devices and users without the knowledge of the service. There is no assurance that the password is protected and is associated with the user. </p>
</td>
<td>High<br><br>
<p>An attacker who gains the user's password can authenticate as the user remotely anywhere and anytime. </p>
<p><br></p>
<p>The risk of a password compromise is a global compromise of the user's authentication to potentially multiple services if the password was reused. </p>
</td>
</tr>
<tr>
<td>Software-bound passkey</td>
<td>
<p>Stolen computer with no OS login protection </p>
<p><br></p>
<p>Remote software attacks </p>
<p><br></p>
<p>Remote attack compromising the user's cloud account with OS platforms </p>
</td>
<td>High<br><br>
<p>Software-bound passkeys authenticate users with phishing-resistant cryptographic keys which provide a high level of assurance.</p>
<p><br></p>
<p>While the risk of remote attacks on software or the users' OS cloud service exists, these attacks require a much higher effort from attackers to execute and are less scalable. </p>
</td>
<td>Medium<br><br><br><br><br><br><br>
<p>An attacker who gains the user's private key can authenticate as the user remotely anywhere and anytime. </p>
<p><br></p>
<p>The risk of a private key compromise is a global compromise of the user's authentication for one service </p>
</td>
</tr>
<tr>
<td>Hardware-bound passkey<br><br>(Sinle Devce)</td>
<td>
<p>Local, destructive attacks </p>
</td>
<td>High<br><br>
<p>Hardware-bound passkeys authenticate users with phishing-resistant cryptographic keys which provide a high level of assurance. The hardware protection of the private key increases the difficulty of attacks significantly given that attackers would need to execute a local, destructive attack on hardware. </p>
</td>
<td>
<p>Low</p>
<p><br></p>
<p><br></p>
<p><br></p>
<p>An attacker can only gain access to the use of the user's private key. </p>
<p><br></p>
<p>The risk of a private key compromise means an attacker can authenticate as the user using attack software but only when the user is logged in. </p>
</td>
</tr>
</tbody>
</table>
<div style="margin-top:8px">Made with <a href="https://www.htmltables.io/" target="_blank">HTML Tables</a></div>
</div>
Conclusion
Authentication methods are not created equal and neither are applications. The right authentication method is a method that would be appropriate for the security and user experience priorities for your application.