Proof-of-device, or pod, is another take on 2FA, or rather U2F. Here, however, the burden of storing the keys used for signing and proving your identity is handled by the SGX enclave. The service you're authenticating with sends you a challenge, which you sign using a private key embedded within the enclave in your Intel CPU. The system is very secure since not even you know the private key that's stored within the enclave.
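The challenge-response flow described above, as an added sketch that is not code from the pod project. `Device` and `Server` are hypothetical names. Ed25519 is an assumption (the page does not state the enclave's signature scheme), and a plain struct with an unexported key stands in for the SGX enclave.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device stands in for the enclave: priv is used only inside Sign and never handed out.
type Device struct{ priv ed25519.PrivateKey }
func NewDevice() (*Device, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Device{priv: priv}, pub, err
}
func (d *Device) Sign(challenge []byte) []byte { return ed25519.Sign(d.priv, challenge) }

// Server is a hypothetical relying party: registered public key plus outstanding challenges.
type Server struct {
	pub     ed25519.PublicKey
	pending map[string]bool
}

// NewChallenge issues a fresh random challenge and records it as outstanding.
func (s *Server) NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err) // fail closed rather than issue a predictable challenge
	}
	s.pending[string(c)] = true
	return c
}

// Verify accepts a signature only over a challenge this server issued, and
// consumes the challenge first so a captured response cannot be replayed.
func (s *Server) Verify(challenge, sig []byte) bool {
	issued := s.pending[string(challenge)]
	delete(s.pending, string(challenge))
	return issued && ed25519.Verify(s.pub, challenge, sig)
}

func main() {
	dev, pub, err := NewDevice()
	if err != nil {
		panic(err)
	}
	srv := &Server{pub: pub, pending: map[string]bool{}}
	c := srv.NewChallenge()
	sig := dev.Sign(c)
	fmt.Println("first:", srv.Verify(c, sig), "replay:", srv.Verify(c, sig))
}
```

The server side only ever holds the public key, so a compromise of the service does not expose anything that can sign future challenges.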
The project comprises four main components:

- pod-enclave -- This is where the private key used for signing authentication challenge requests
- pod-app -- This is the native app that pod uses to interface with the pod-enclave. It implements
- pod-ext -- This is the browser extension that connects pod to generate a quote and sign the challenge for the pod-web authentication mechanism.
- pod-web -- This is the web app that pod-ext connects to as a GUI for the end user of pod.
- pod-server -- This is the web server that the service provider who offers pod as an added authentication

For each of the components, follow the links to learn more and check out how to build and run them.
This project currently builds and was tested on Linux only (both Ubuntu 18.04 and Arch). Windows support is envisaged for the future.