Security Analysis and Bypass User Authentication Bound to Device of Windows Hello in the Wild

<table class="table-group" id="tab1"><tr><td><table class="table"><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr class="thead"><td class="align_left">Module</td><td class="align_center">Function</td><td class="align_center">Descriptions</td></tr><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr><td class="align_left"><i>BCrypt.dll</i></td><td class="align_center"><i>BcryptDeriveKeyPBKDF2</i></td><td class="align_center">Derive a key encryption key through hashing for PIN or <svg height="9.49473pt" id="M39" style="vertical-align:-0.2063999pt" version="1.1" viewbox="-0.0498162 -9.28833 27.6508 9.49473" width="27.6508pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M352 391C352 416 319 448 267 448C236 448 173 423 147 400C107 364 96 332 96 304C96 248 143 210 193 181C241 153 258 124 258 100C258 72 232 38 184 38C151 38 107 66 81 108C77 114 64 116 55 111C34 99 23 84 23 65C23 29 81 -12 134 -12C220 -12 325 61 325 141C325 184 297 215 234 256C194 282 161 309 161 346C161 380 188 401 217 401C255 401 279 380 301 353C308 344 313 341 325 347C341 355 352 371 352 391Z"></path></g><g transform="matrix(.013,0,0,-0.013,5.136,0)"><path d="M391 364C391 409 353 448 295 448C249 448 198 426 152 393C65 331 23 225 23 139C23 14 96 -12 146 -12C198 -12 280 9 367 101L351 124C300 78 242 48 194 48C129 48 109 107 109 162V191C208 213 391 266 391 364ZM313 350C313 305 268 261 113 223C132 334 187 381 217 398C227 404 244 405 261 405C290 405 313 385 313 350Z"></path></g><g transform="matrix(.013,0,0,-0.013,10.518,0)"><path d="M391 364C391 409 353 448 295 448C249 448 198 426 152 393C65 331 23 225 23 139C23 14 96 -12 146 -12C198 -12 280 9 367 101L351 124C300 78 242 48 194 48C129 48 109 107 109 162V191C208 213 391 266 391 364ZM313 350C313 305 268 261 113 223C132 334 187 381 217 398C227 404 244 405 261 405C290 405 313 385 313 350Z"></path></g><g transform="matrix(.013,0,0,-0.013,20.251,0)"><path d="M530 686C535 705 530 712 521 712C504 712 448 684 359 674L358 648H393C437 648 439 646 429 593L400 435C372 447 345 448 332 448C286 448 194 414 144 373C68 311 23 203 23 111C23 26 57 -12 91 -12C120 -12 147 3 188 29C227 54 290 102 341 170H343L322 71C308 6 320 -12 341 -12C373 -12 442 27 501 96L485 120C455 91 422 67 408 67C401 67 401 76 404 91C440 294 479 473 530 686ZM387 375L355 241C326 187 200 53 142 53C126 53 109 73 109 130C109 217 154 337 218 381C240 396 265 404 297 404S372 390 387 375Z"></path></g></svg></td></tr><tr><td class="align_left"><i>Crypt32.dll</i></td><td class="align_center"><i>CryptUnprotectDataNoUI</i></td><td class="align_center">Decrypt all private keys with key encryption keys derived from <i>BcryptDeriveKeyPBKDF2</i> function</td></tr><tr><td class="align_left"><i>NCrypt.dll</i></td><td class="align_center"><i>NcryptOpenKey</i></td><td class="align_center">Generate key handler based on a key name</td></tr><tr><td class="align_left"><i>CryptSvc.dll</i></td><td class="align_center"><i>NgcDecryptData</i></td><td class="align_center">Decrypt the authentication data for a device login</td></tr><tr><td class="align_left" rowspan="2"><i>NgcCtnr.dll</i></td><td class="align_center"><i>DecryptPkcs1</i></td><td class="align_center">Decrypt <svg height="9.49473pt" id="M40" style="vertical-align:-0.2063999pt" version="1.1" viewbox="-0.0498162 -9.28833 27.6508 9.49473" width="27.6508pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M352 391C352 416 319 448 267 448C236 448 173 423 147 400C107 364 96 332 96 304C96 248 143 210 193 181C241 153 258 124 258 100C258 72 232 38 184 38C151 38 107 66 81 108C77 114 64 116 55 111C34 99 23 84 23 65C23 29 81 -12 134 -12C220 -12 325 61 325 141C325 184 297 215 234 256C194 282 161 309 161 346C161 380 188 401 217 401C255 401 279 380 301 353C308 344 313 341 325 347C341 355 352 371 352 391Z"></path></g><g transform="matrix(.013,0,0,-0.013,5.136,0)"><path d="M391 364C391 409 353 448 295 448C249 448 198 426 152 393C65 331 23 225 23 139C23 14 96 -12 146 -12C198 -12 280 9 367 101L351 124C300 78 242 48 194 48C129 48 109 107 109 162V191C208 213 391 266 391 364ZM313 350C313 305 268 261 113 223C132 334 187 381 217 398C227 404 244 405 261 405C290 405 313 385 313 350Z"></path></g><g transform="matrix(.013,0,0,-0.013,10.518,0)"><path d="M391 364C391 409 353 448 295 448C249 448 198 426 152 393C65 331 23 225 23 139C23 14 96 -12 146 -12C198 -12 280 9 367 101L351 124C300 78 242 48 194 48C129 48 109 107 109 162V191C208 213 391 266 391 364ZM313 350C313 305 268 261 113 223C132 334 187 381 217 398C227 404 244 405 261 405C290 405 313 385 313 350Z"></path></g><g transform="matrix(.013,0,0,-0.013,20.251,0)"><path d="M530 686C535 705 530 712 521 712C504 712 448 684 359 674L358 648H393C437 648 439 646 429 593L400 435C372 447 345 448 332 448C286 448 194 414 144 373C68 311 23 203 23 111C23 26 57 -12 91 -12C120 -12 147 3 188 29C227 54 290 102 341 170H343L322 71C308 6 320 -12 341 -12C373 -12 442 27 501 96L485 120C455 91 422 67 408 67C401 67 401 76 404 91C440 294 479 473 530 686ZM387 375L355 241C326 187 200 53 142 53C126 53 109 73 109 130C109 217 154 337 218 381C240 396 265 404 297 404S372 390 387 375Z"></path></g></svg> with the first private key managed by the software key storage provider</td></tr><tr><td class="align_center"><i>SignHashPkcs1</i></td><td class="align_center">Sign challenge <svg height="8.8423pt" id="M41" style="vertical-align:-0.2064009pt" version="1.1" viewbox="-0.0498162 -8.6359 8.28119 8.8423" width="8.28119pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M610 18C585 26 567 34 540 68C517 97 499 128 476 171C452 215 425 276 413 304C496 332 570 394 570 494C570 555 545 595 509 619S419 650 364 650H139L133 622C216 615 219 612 203 527L129 132C112 40 105 36 23 28L17 0H279L285 28C199 34 194 40 211 132L239 284H284C320 284 334 275 351 236C374 182 394 140 420 93C459 23 495 -1 592 -8H600L610 18ZM480 485C480 424 449 372 403 342C374 323 338 316 293 316H245L291 562C296 589 301 601 311 608S337 618 358 618C432 618 480 575 480 485Z"></path></g></svg> with the fourth private key for application login</td></tr><tr class="table-tr"><td colspan="3"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>Main functions used in the Windows Hello login process. We focus on the role that each function plays in the login process.</div>

Security and Communication Networks

tab1

Table 1

Table 1: Security Analysis and Bypass User Authentication Bound to Device of Windows Hello in the Wild 