Dynamic Digital Identity: Device-Bound Ephemeral
Authentication with Proof of Possession
Luiz Ricardo Mantovani da Silva
Professor at Universidade do Sagrado Coração (UNISAGRADO)
Bauru, SP, Brazil
E-mail: mantov[email protected]
Abstract—We propose Dynamic Digital Identity (DDI): an authentication mechanism that issues, at each login, an ephemeral identity (a “mutating key”) only after a cryptographic proof of possession of a private key protected by hardware on the user's device. Unlike SMS OTP or 2FA over fragile channels, DDI combines WebAuthn/FIDO2 (proof of possession and device attestation when applicable) with short-lived session tokens signed by KMS/HSM and channel-bound to prevent replay. We discuss the threat model, security properties (resistance to phishing, replay, SIM swap, and credential cloning), and an evaluation plan with technical and usability metrics. We situate the work relative to standards and guidance (W3C WebAuthn, FIDO2/CTAP; NIST SP 800-63B-4; CISA/GSA). Expected results: reduced attack surface compared to SMS OTP and secret-reuse MFA, without requiring dedicated external apps [1], [2], [3], [4].
Index Terms—WebAuthn; FIDO2; CTAP; passkeys; phishing-resistant MFA; SIM swap; digital identity; KMS/HSM.
I. Introduction
Passwords and SMS OTP face credential theft, real-time phishing, replay, and SIM swap risks. Recent guidance classifies WebAuthn/FIDO2 as phishing-resistant by eliminating shared secrets and binding credentials to domain and device [1], [3], [4]. In parallel, NIST SP 800-63B-4 (Jul. 2025) updates authenticator assurance levels and highlights risks of out-of-band channels like SMS [2]. Empirical studies show practical impacts of SIM swap [5].
This work presents Dynamic Digital Identity (DDI), which renews the “presented identity” at every login (an ephemeral token) after proof of possession of a private key generated and held in-device (TPM, Secure Enclave, Android Keystore) following WebAuthn/CTAP [1], [6], [7].
Contributions
• Protocol: detailed design with proof of possession, optional attestation, and issuance of a channel-bound ephemeral identity.
• Threat mapping: table summarizing attacks and mitigations.
• Evaluation plan: security, usability, and reliability metrics with a pilot proposal.
• Adoption readiness: alignment to standards (W3C/FIDO2) and regulatory guidance (NIST/CISA/GSA).
II. Related Work
WebAuthn/FIDO2 and CTAP define public-key credentials with proof of possession and optional attestation [1], [6], [7]. NIST SP 800-63B-4 focuses on authentication and authenticator lifecycle, AAL2/AAL3, and SMS risks [2]. CISA/GSA provide guidance on phishing-resistant MFA and zero trust [3], [4]. SIM swap studies expose weaknesses of telephony channels [5].
Gap: Few systematic descriptions exist of protocols with session-bound ephemeral identity that avoid external authenticators and manual code re-entry, while preserving device attestation and session binding.
III. Threat Model
Adversary capabilities: (i) real-time phishing; (ii) MitM; (iii) SIM swap; (iv) device theft; (v) malicious enrollment; (vi) client malware; (vii) token replay. Goals: impersonation; fake-device registration; token reuse; key cloning.
Assumptions: server signing keys in KMS/HSM; sound TLS; non-exportable private keys in secure elements; active risk and revocation policies.
IV. Proposed System (DDI)
A. Principles
1) Proof of possession via challenge–response.
2) Device attestation (when available) to hinder cloning [1].
3) Short-lived session token signed in KMS/HSM with channel binding.
4) Renew at every login: never reuse the presented identity.
5) Secure recovery and revocation (loss/theft).
B. Flows (simplified)
Enrollment
S -> C: nonce_e, policy
C: (sk, pk) <- generate_in_secure_element()
   att <- attestation(pk, device)
   sig_e <- sign(sk, nonce_e)
C -> S: {pk, att, sig_e, user_id}
S: verify(att, sig_e, policy); register(pk, device_meta)

Authentication + Ephemeral Identity
C -> S: start(user_id)
S -> C: nonce_a, sid, cbinfo
C: proof <- sign(sk, nonce_a || sid || cbinfo)
C -> S: {proof, device_meta}
S: verify(proof, pk[user_id]); risk_check()
S -> C: EI <- sign_KMS({user_id, sid, iat, exp, cbinfo})

TABLE I
Threats and mitigations in the DDI protocol

Threat          Mitigation (summary)
Phishing/MitM   Origin binding, unique challenge, channel binding
Replay          Ephemeral token (short TTL), sid, post-use invalidation
SIM swap        Elimination of SMS/voice (public-key)
Key cloning     Non-exportable keys, attestation, revocation
Device theft    Local unlock (PIN/biometrics); remote revocation
C. Built-in Countermeasures
• Anti-phishing/MitM: origin binding (WebAuthn) + token channel binding; unique nonce [1].
• Anti-replay: session id (sid) + short expiry + post-use invalidation.
• Anti-SIM swap: no SMS/voice; public-key authentication [3].
• Anti-cloning: non-exportable keys in secure elements; optional/strict attestation in regulated contexts [1].
• Server: token-signing keys protected in KMS/HSM (rotation and key ceremony).
V. Security Properties
Resistance to phishing and replay; no credential reuse; local proof of possession (PIN/biometrics); potential for AAL2/AAL3 depending on policy and authenticator type [2].
VI. Evaluation Methodology
Environment: OIDC backend with KMS/HSM; WebAuthn front end; clients: modern browsers, iOS/Android (passkeys), and security keys (e.g., YubiKey) [1], [7]. Metrics: security (phishing success, replay resistance, SIM swap effect), usability (p50/p95 time, abandonment, SUS/NPS), reliability (per-platform failures) and KMS availability. Design: A/B between SMS/App OTP and DDI; lab attacks (MitM, replay); field pilot (500–5,000 users).
VII. Discussion, Limitations, and Risks
Platform support for attestation may vary; legacy devices require higher-friction fallback; account recovery must be robust to avoid social-engineering avenues; privacy: minimize attestation metadata; interoperability with OIDC/SAML.
VIII. Regulatory and Market Implications
Compliance with NIST SP 800-63B-4 (AALs) and CISA/GSA guidance on phishing-resistant MFA; alignment with zero-trust strategies supports adoption in banking, fintech, and digital government [2], [3], [4].
IX. Conclusion
DDI introduces an ephemeral identity issued after proof of possession of a hardware-protected private key, reducing phishing, replay, and SIM swap attacks while preserving good usability. Current standards and guidance support the approach and facilitate adoption in financial and government sectors [1], [2].
Artifact and Reproducibility
Code/prototype: https://github.com/LuizRMSilva1973/Seguranca.
Acknowledgments
We thank the technical community discussions and anonymous reviewers.
References
[1] W3C Web Authentication Working Group, “Web Authentication: An API for accessing public key credentials — Level 3,” https://www.w3.org/TR/webauthn-3/, 2025, W3C TR. Accessed 2025-10-04.
[2] D. Temoshok, J. Fenton, Y.-Y. Choong, N. Lefkovitz, A. Regenscheid, R. Galluzzo, and J. Richer, “Digital identity guidelines: Authentication and authenticator management,” National Institute of Standards and Technology, Special Publication 800-63B-4, 2025. [Online]. Available: https://csrc.nist.gov/pubs/sp/800/63/b/4/final
[3] Cybersecurity and Infrastructure Security Agency, “Implementing phishing-resistant MFA,” Tech. Rep., 2022, fact sheet. Accessed 2025-10-04. [Online]. Available: https://www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf
[4] IDManagement.gov (GSA), “Phishing-resistant authenticator playbook,” https://www.idmanagement.gov/playbooks/altauthn/, 2024, accessed 2025-10-04.
[5] K. Lee, B. Kaiser, J. Mayer, and A. Narayanan, “An empirical study of wireless carrier authentication for SIM swaps,” in Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020), 2020. [Online]. Available: https://www.usenix.org/system/files/soups2020-lee.pdf
[6] FIDO Alliance, “FIDO Alliance specifications (FIDO2, CTAP, U2F),” https://fidoalliance.org/specifications/, 2025, accessed 2025-10-04.
[7] Yubico Developers, “Client to Authenticator Protocol (CTAP) overview,” https://developers.yubico.com/CTAP/, 2025, accessed 2025-10-04.