Evaluation and Implementation of SQRL and U2F as 2nd Factor Authenticators for CERN Single Sign-On

Date published: Tuesday, 1 September, 2015
Document type: Summer student report
A. Nadeem
Secure Quick Reliable Login (SQRL) and Universal 2nd Factor (U2F) are two new strong authentication protocols. Both operate on a challenge-response model and use asymmetric-key encryption. SQRL aims to replace user names and passwords, on the grounds that they are our identity and we cannot trust websites to keep our personal information safe. To authenticate against a SQRL-aware service, the user has to use the SQRL application on their phone. A perk of using SQRL is that users only need to remember a master password for the SQRL application itself, rather than passwords for all the different authentication services they use. U2F, on the other hand, is hosted by the FIDO Alliance. It has been adopted by big companies such as Google, Visa, Yubico, etc. It requires a physical U2F-enabled token on the client side and a U2F-aware authentication service on the server side. After evaluating the two protocols, we have concluded that, at this point, U2F is a better option than SQRL. Hence, a web application has been implemented and deployed on CERN web servers to demonstrate the functionality of U2F.