tatyana-arnaudova - english

Post on 15-Apr-2017


Fast Identity Online (FIDO)

Tatyana Arnaudova

Contents:

- Introduction
- How does FIDO work?
- What makes FIDO different?
- Advantages and disadvantages

FIDO's aim is that its specifications will support a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE), smart cards, and near field communication (NFC).

The USB security token device may be used to authenticate using a simple password or by pressing a button. Authentication over the wire happens using public-key cryptography. The user's device registers the user with a server by registering a public key. To authenticate the user, the device signs a challenge from the server using the private key that it holds. The keys on the device are unlocked by a local user gesture such as a biometric or pressing a button.

FIDO Registration

1. User chooses an available FIDO authenticator

2. User unlocks the FIDO authenticator

3. User’s device creates a new public/private key pair unique for the local device, online service and user’s account.

4. Public key is sent to the online service

FIDO Login

1. Login

2. User unlocks the FIDO authenticator using the same method as at Registration time

3. Device uses the user’s account identifier provided by the service to select the correct key and sign the service’s challenge

4. Login complete
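The registration and login steps above, simulated end to end as an added example (not code from the slides or from the FIDO specifications). The class names, `shop.example`, `alice`, the `unlocked` flag standing in for the local gesture, and the choice of ECDSA over P-256 are assumptions for illustration; this is not the UAF or U2F wire format.

```javascript
const nodeCrypto = require('crypto');

// Authenticator: holds one private key per (service, account); keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(service, account, unlocked) {
    if (!unlocked) throw new Error('authenticator locked');
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(`${service}|${account}`, privateKey);
    return publicKey; // only the public half is sent to the service
  }
  sign(service, account, challenge, unlocked) {
    if (!unlocked) throw new Error('authenticator locked');
    const key = this.keys.get(`${service}|${account}`);
    if (!key) throw new Error('no key for this service and account');
    return nodeCrypto.sign('sha256', challenge, key);
  }
}

// Online service: stores public keys and issues single-use random challenges.
class Service {
  constructor(name) { this.name = name; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(account, publicKey) { this.publicKeys.set(account, publicKey); }
  newChallenge(account) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(account, challenge);
    return challenge;
  }
  verifyLogin(account, signature) {
    const challenge = this.pending.get(account);
    const publicKey = this.publicKeys.get(account);
    this.pending.delete(account); // a challenge is accepted at most once
    if (!challenge || !publicKey) return false;
    return nodeCrypto.verify('sha256', challenge, publicKey, signature);
  }
}

// Constructed scenario: register, log in, then try to reuse the same signature.
function demo() {
  const device = new Authenticator();
  const shop = new Service('shop.example');
  shop.enroll('alice', device.register(shop.name, 'alice', true));
  const sig = device.sign(shop.name, 'alice', shop.newChallenge('alice'), true);
  const first = shop.verifyLogin('alice', sig);
  const replay = shop.verifyLogin('alice', sig); // challenge already consumed
  shop.newChallenge('alice');
  const stale = shop.verifyLogin('alice', sig); // old signature, fresh challenge
  return { first, replay, stale };
}
```

Because the service stores only a public key and each challenge is random and single-use, a captured signature cannot be replayed for a later login.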

Universal Authentication Framework (UAF) Protocol

- User registers their device to the online service by selecting a local authentication mechanism such as swiping a finger, looking at the camera, speaking into the mic, entering a PIN, etc.

- Once registered, the user simply repeats the local authentication action whenever they need to authenticate to the service. UAF also allows experiences that combine multiple authentication mechanisms such as fingerprint + PIN.

U2F – User Second Factor Protocol

- U2F allows online services to increase the security of their existing password infrastructure by adding a strong second factor to user login. This factor allows the service to simplify its passwords (e.g. 4-digit PIN) without compromising security.

- The user can use their FIDO U2F device across all online services that support the protocol, leveraging built-in support in web browsers.

The mission of the FIDO Alliance is to change the nature of online authentication by:

- Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.
- Operating industry programs to help ensure successful worldwide adoption of the Specifications.
- Submitting mature technical Specification(s) to recognized standards development organization(s) for formal standardization.

Disadvantages:

- We need appropriate hardware;
- The user can forget the device;

Advantages:

- Choice based on standards;
- Users don't need to use complex passwords, deal with complex strong-password rules, or go through recovery procedures when they forget a password;
- Waterproof USB security key device;


Thank you for your attention!
