Getting to Know the FIDO Specifications - Technical Tutorial (slide transcript)
Slide 1: Getting to Know the FIDO Specifications
Rolf Lindemann, Senior Director Products & Technology, Nok Nok Labs
All Rights Reserved | FIDO Alliance | Copyright 2016.
Slide 2: How Secure is Authentication?
Slide 3: Cloud Authentication
Figure labels: Device, Something, Authentication, Risk Analytics, Internet.
Slide 4: Password Issues
Figure labels: Device, Something, Authentication, Internet.
1. Password could be stolen from the server
2. Password might be entered into untrusted App / Web-site ("phishing")
3. Too many passwords to remember (> re-use / cart abandonment)
4. Inconvenient to type password on phone
Slide 5: Classifying Threats
1. Remotely attacking central servers: steal data for impersonation
2. Remotely attacking lots of user devices: steal data for impersonation
3. Remotely attacking lots of user devices: misuse them for impersonation
4. Remotely attacking lots of user devices: misuse authenticated sessions
5. Physically attacking user devices: steal data for impersonation
6. Physically attacking user devices: misuse them for impersonation
The remote attacks (1–4) are scalable attacks. Physical attacks (5–6) are possible on lost or stolen devices (3% in the US in 2013).
Slide 6: How does FIDO work?
Figure labels: Device, User verification, FIDO Authentication, Authenticator.
Slide 7: How does FIDO work?
Figure labels: Authenticator, User verification, FIDO Authentication; a Challenge is sent to the authenticator and a (Signed) Response is returned.
• Require user gesture before private key can be used
• Private key dedicated to one app; the public key is what the server holds
Slide 8: How does FIDO work?
Figure labels: Authenticator, User verification, FIDO Authentication, … SE (secure element).
Slide 9: How does FIDO work?
Figure labels: Authenticator, User verification, FIDO Authentication.
• Same Authenticator as registered before?
• Same User as enrolled before?
Can recognize the user (i.e. user verification), but doesn't know its identity attributes.
Slide 10: How does FIDO work? (continued)
Identity binding is to be done outside FIDO: this is "John Doe with customer ID X".
Slide 11: How does FIDO work?
Figure labels: Authenticator, User verification, FIDO Authentication, … SE.
• How is the key protected (TPM, SE, TEE, …)?
• Which user verification method is used?
Slide 12: Attestation & Metadata
Figure: Authenticator (holding a private attestation key) → FIDO Registration: Signed Attestation Object; Metadata.
• Verify using trust anchor included in Metadata
• Understand Authenticator security characteristics by looking into Metadata from mds.fidoalliance.org (or other sources)
Slide 13: FIDO Authenticator Concept
FIDO Authenticator components:
• User Verification / Presence
• Attestation Key: injected at manufacturing, doesn't change
• Authentication Key(s): generated at runtime (on Registration)
Optional components: Transaction Confirmation Display
Slide 14: Trusted Execution Environment (TEE)
FIDO Authenticator as Trusted Application (TA), with User Verification / Presence, Attestation Key and Authentication Key(s) inside the TEE.
Client Side Biometrics: store at Enrollment; compare at Authentication; unlock after comparison.
Slide 15: Passwordless Experience (UAF Standards)
1. Authentication Challenge
2. Biometric User Verification*
3. Authenticated Online
Second Factor Experience (U2F Standards)
1. Second Factor Challenge
2. Insert Dongle* / Press Button
3. Authenticated Online
*There are other types of authenticators
Slide 16: U2F Registration
Parties: Relying Party, FIDO Client / Browser, U2F Authenticator.
1. Relying Party → FIDO Client / Browser: AppID, challenge
2. FIDO Client / Browser: check AppID; form a (application parameter, from AppID) and fc (challenge, origin, channel id, etc.)
3. FIDO Client / Browser → U2F Authenticator: a, fc
4. U2F Authenticator: generate key kpub, key kpriv, handle h
5. U2F Authenticator → FIDO Client / Browser: kpub, h, attestation cert, s = signature(a, fc, kpub, h)
6. FIDO Client / Browser → Relying Party: fc, kpub, h, attestation cert, s
7. Relying Party: store key kpub, handle h; set cookie
Slide 17: U2F Authentication
Parties: Relying Party, FIDO Client / Browser, U2F Authenticator.
1. Relying Party → FIDO Client / Browser: handle h, AppID, challenge
2. FIDO Client / Browser: check AppID; form a (from AppID) and fc (challenge, origin, channel id, etc.)
3. FIDO Client / Browser → U2F Authenticator: h, a, fc
4. U2F Authenticator: retrieve key kpriv from handle h; cntr++
5. U2F Authenticator → FIDO Client / Browser: cntr, s = signature(a, fc, cntr)
6. FIDO Client / Browser → Relying Party: cntr, fc, s
7. Relying Party: retrieve key kpub from handle h; check signature using key kpub; set cookie
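The two U2F flows on the registration and authentication slides, as an added example that is not part of the deck or of any FIDO Alliance code: a Go simulation of relying party, browser step and authenticator using ECDSA P-256 from the standard library. The type and function names (Authenticator, RelyingParty, RunU2F, …) are this example's own; the attestation certificate is reduced to an in-memory trust anchor public key, the key handle h is a random lookup key rather than a wrapped private key, the browser's AppID check is simplified to origin == AppID, and the signature bases follow the U2F raw message format (0x00 | application parameter | challenge parameter | key handle | public key at registration; application parameter | user-presence byte | counter | challenge parameter at authentication).

```go
// Added example (not from the FIDO deck): U2F registration + authentication simulation.
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// U2F signature bases (a = SHA-256(AppID), fc = SHA-256(client data)): registration 0x00|a|fc|h|kpub, authentication a|0x01 (user present)|cntr|fc.
func regBase(a, fc [32]byte, h, kpub []byte) []byte {
	return bytes.Join([][]byte{{0x00}, a[:], fc[:], h, kpub}, nil)
}
func authBase(a, fc [32]byte, cntr uint32) []byte {
	c := binary.BigEndian.AppendUint32(nil, cntr)
	return bytes.Join([][]byte{a[:], {0x01}, c, fc[:]}, nil)
}

// Authenticator: attestation key (fixed at manufacturing), one key per handle h, signature counter cntr.
type Authenticator struct {
	attKey *ecdsa.PrivateKey
	keys   map[string]*ecdsa.PrivateKey
	cntr   uint32
}

// Register: generate kpub/kpriv and handle h; return kpub, h, signature(a, fc, kpub, h) by the attestation key.
func (au *Authenticator) Register(a, fc [32]byte) (kpub, h, sig []byte) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	h = make([]byte, 32)
	rand.Read(h) // constructed lookup handle; real tokens wrap kpriv inside h
	au.keys[string(h)] = priv
	kpub = elliptic.Marshal(elliptic.P256(), priv.X, priv.Y) // 65-byte uncompressed point
	d := sha256.Sum256(regBase(a, fc, h, kpub))
	sig, _ = ecdsa.SignASN1(rand.Reader, au.attKey, d[:])
	return kpub, h, sig
}

// Authenticate: retrieve kpriv from h; cntr++; return cntr, signature(a, fc, cntr).
func (au *Authenticator) Authenticate(h []byte, a, fc [32]byte) (uint32, []byte) {
	au.cntr++
	d := sha256.Sum256(authBase(a, fc, au.cntr))
	sig, _ := ecdsa.SignASN1(rand.Reader, au.keys[string(h)], d[:])
	return au.cntr, sig
}

// RelyingParty stores only public keys and the last counter per handle; attAnchor stands in for the attestation certificate chain.
type RelyingParty struct {
	appID     string
	attAnchor *ecdsa.PublicKey
	pubs      map[string]*ecdsa.PublicKey
	lastCntr  map[string]uint32
}

func (rp *RelyingParty) FinishRegistration(cd, kpub, h, sig []byte) error {
	a, fc := sha256.Sum256([]byte(rp.appID)), sha256.Sum256(cd)
	d := sha256.Sum256(regBase(a, fc, h, kpub))
	x, y := elliptic.Unmarshal(elliptic.P256(), kpub)
	if x == nil || !ecdsa.VerifyASN1(rp.attAnchor, d[:], sig) {
		return errors.New("server: bad public key or attestation signature")
	}
	rp.pubs[string(h)] = &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
	return nil
}

func (rp *RelyingParty) FinishAuthentication(h, cd []byte, cntr uint32, sig []byte) error {
	a, fc := sha256.Sum256([]byte(rp.appID)), sha256.Sum256(cd)
	d := sha256.Sum256(authBase(a, fc, cntr))
	if pub := rp.pubs[string(h)]; pub == nil || !ecdsa.VerifyASN1(pub, d[:], sig) {
		return errors.New("server: unknown handle or invalid signature")
	}
	if cntr <= rp.lastCntr[string(h)] { // replayed response or cloned authenticator
		return errors.New("server: signature counter did not increase")
	}
	rp.lastCntr[string(h)] = cntr
	return nil
}

// RunU2F: one registration, then n authentications, with the browser at page origin `origin`.
func RunU2F(origin string, n int) error {
	ak, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	au := &Authenticator{attKey: ak, keys: map[string]*ecdsa.PrivateKey{}}
	rp := &RelyingParty{"https://example.com", &ak.PublicKey, map[string]*ecdsa.PublicKey{}, map[string]uint32{}}
	if origin != rp.appID { // the browser's "check AppID" step, simplified to origin == AppID
		return errors.New("client: origin not allowed for AppID")
	}
	a := sha256.Sum256([]byte(rp.appID))
	cd := []byte(`{"challenge":"reg-challenge","origin":"` + origin + `"}`) // client data, hashed to fc
	kpub, h, sig := au.Register(a, sha256.Sum256(cd))
	err := rp.FinishRegistration(cd, kpub, h, sig)
	for i := 0; i < n && err == nil; i++ {
		cd = []byte(fmt.Sprintf(`{"challenge":"auth-%d","origin":"%s"}`, i, origin))
		cntr, sig := au.Authenticate(h, a, sha256.Sum256(cd))
		err = rp.FinishAuthentication(h, cd, cntr, sig)
	}
	return err
}
```

Two checks carry the properties the slides claim: the browser-side AppID check stops a look-alike origin before anything is signed (RunU2F("https://examp1e.com", 1) fails at the client, so a phishing page never obtains a usable signature), and the server's strictly increasing counter rejects a replayed response or a cloned authenticator. A production relying party would additionally check that the client data carries the challenge it issued, validate the attestation certificate chain against metadata, and bind the key handle to the user account.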
Slide 18: Passwordless Experience (UAF Standards) / Second Factor Experience (U2F Standards), repeated from slide 15.
Slide 19: Registration Overview
Perform legacy authentication first, in order to bind the authenticator to an electronic identity, then perform FID O registration.
FIDO CLIENT: Start registration
FIDO SERVER: Send Registration Request: • Policy • Random Challenge
FIDO AUTHENTICATOR: Verify user; Generate key pair; Sign attestation object: • Public key • AAID • Hash(FinalChallenge) • Name of relying party. Signed by attestation key.
FIDO SERVER: Verify signature; Check AAID against policy; Store public key
AAID = Authenticator Attestation ID, i.e. model ID. FinalChallenge = AppID | FacetID | channelBinding | serverChallenge
Slide 20: Authentication Overview
FIDO CLIENT: Start authentication
FIDO SERVER: Send Authentication Request: • Policy • Random Challenge • Opt: TransactionText
FIDO AUTHENTICATOR: Verify user; Opt: Display TransactionText; Sign signData object: • Signature alg • Hash(FinalChallenge) • Opt: Hash(TransactionText) • Signature counter • Authenticator random. Signature (Uauth key).
FIDO SERVER: Verify signature; Check AAID against policy
FinalChallenge = AppID | FacetID | channelBinding | serverChallenge
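The UAF registration and authentication overviews on the two slides above, as an added example in Go that is not part of the deck or of any FIDO implementation. It concentrates on the server-side checks the slides list: rebuilding FinalChallenge = AppID | FacetID | channelBinding | serverChallenge from values the server trusts, checking the AAID against the policy and looking up that AAID's attestation trust anchor in metadata, and verifying a signData object that carries Hash(TransactionText). The names (Server, Authenticator, RunUAF), the AAID 1234#5678, the channel-binding string, the RP name and the byte layouts of the attestation and signData objects are this example's own assumptions (UAF itself uses a TLV encoding); user verification is assumed to have happened inside the authenticator, and the signature counter and authenticator random fields of the slide are left out of signData here.

```go
// Added example (not from the FIDO deck): UAF-style server checks on FinalChallenge, AAID policy and transaction text.
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// FinalChallenge = AppID | FacetID | channelBinding | serverChallenge. The client hashes it for
// the authenticator; the server rebuilds it from its own AppID and challenge before comparing.
func FinalChallenge(appID, facetID, channelBinding, serverChallenge string) [32]byte {
	return sha256.Sum256([]byte(appID + "|" + facetID + "|" + channelBinding + "|" + serverChallenge))
}

// To-be-signed bytes of the attestation object (registration) and signData object (authentication):
// plain concatenation here, not the UAF TLV encoding; signature counter and authenticator random omitted.
func attestationTBS(aaid string, kpub []byte, fcHash [32]byte, rpName string) []byte {
	return bytes.Join([][]byte{[]byte(aaid), kpub, fcHash[:], []byte(rpName)}, nil)
}
func signDataTBS(fcHash, txHash [32]byte) []byte {
	return bytes.Join([][]byte{[]byte("ES256"), fcHash[:], txHash[:]}, nil)
}

// Authenticator: model AAID, attestation key (fixed at manufacturing), Uauth key (generated at registration).
type Authenticator struct {
	AAID   string
	attKey *ecdsa.PrivateKey
	uauth  *ecdsa.PrivateKey
}

// Register: verify user (assumed done), generate the Uauth key pair, sign the attestation object.
func (au *Authenticator) Register(fcHash [32]byte, rpName string) (kpub, sig []byte) {
	au.uauth, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	kpub = elliptic.Marshal(elliptic.P256(), au.uauth.X, au.uauth.Y)
	d := sha256.Sum256(attestationTBS(au.AAID, kpub, fcHash, rpName))
	sig, _ = ecdsa.SignASN1(rand.Reader, au.attKey, d[:])
	return kpub, sig
}

// Authenticate: verify user and display the transaction text (assumed done), sign signData with Uauth.
func (au *Authenticator) Authenticate(fcHash, txHash [32]byte) []byte {
	d := sha256.Sum256(signDataTBS(fcHash, txHash))
	sig, _ := ecdsa.SignASN1(rand.Reader, au.uauth, d[:])
	return sig
}

// Server: AppID and RP name, policy (allowed AAIDs), metadata (AAID -> attestation trust anchor,
// standing in for mds.fidoalliance.org entries), trusted FacetIDs, and the registered Uauth key.
type Server struct {
	appID, name string
	policy      map[string]bool
	metadata    map[string]*ecdsa.PublicKey
	facets      map[string]bool
	uauthPub    *ecdsa.PublicKey
}

func (s *Server) FinishRegistration(challenge, facetID, cb, aaid string, kpub, sig []byte) error {
	if !s.facets[facetID] {
		return errors.New("server: FacetID not trusted for this AppID")
	}
	if !s.policy[aaid] {
		return errors.New("server: AAID " + aaid + " not allowed by policy")
	}
	fc := FinalChallenge(s.appID, facetID, cb, challenge)
	d := sha256.Sum256(attestationTBS(aaid, kpub, fc, s.name))
	x, y := elliptic.Unmarshal(elliptic.P256(), kpub)
	if anchor := s.metadata[aaid]; anchor == nil || x == nil || !ecdsa.VerifyASN1(anchor, d[:], sig) {
		return errors.New("server: attestation does not verify against the metadata trust anchor")
	}
	s.uauthPub = &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
	return nil
}

func (s *Server) FinishAuthentication(challenge, facetID, cb, txText string, sig []byte) error {
	if !s.facets[facetID] {
		return errors.New("server: FacetID not trusted for this AppID")
	}
	fc := FinalChallenge(s.appID, facetID, cb, challenge)
	d := sha256.Sum256(signDataTBS(fc, sha256.Sum256([]byte(txText))))
	if s.uauthPub == nil || !ecdsa.VerifyASN1(s.uauthPub, d[:], sig) {
		return errors.New("server: signData invalid (wrong key, challenge, facet or transaction text)")
	}
	return nil
}

// RunUAF: register au from facetID at a server with the given AAID policy, then authenticate once,
// the authenticator signing signedTx while the server verifies against expectedTx.
func RunUAF(au *Authenticator, policy map[string]bool, facetID, signedTx, expectedTx string) error {
	s := &Server{appID: "https://example.com", name: "Example Bank", policy: policy,
		metadata: map[string]*ecdsa.PublicKey{au.AAID: &au.attKey.PublicKey},
		facets:   map[string]bool{"https://example.com": true}}
	const cb = "tls-unique:constructed-channel-binding"
	kpub, sig := au.Register(FinalChallenge(s.appID, facetID, cb, "reg-1"), s.name)
	if err := s.FinishRegistration("reg-1", facetID, cb, au.AAID, kpub, sig); err != nil {
		return err
	}
	sig = au.Authenticate(FinalChallenge(s.appID, facetID, cb, "auth-1"), sha256.Sum256([]byte(signedTx)))
	return s.FinishAuthentication("auth-1", facetID, cb, expectedTx, sig)
}
```

Because FacetID and channel binding are inputs to the hash the authenticator signs, a response produced for another app facet or over another TLS channel fails verification even when the challenge is the right one, and a transaction text that differs from what the server sent (the "what you see is what you sign" case) fails the same way. The AAID check is what lets a server enforce "only these authenticator models" from the metadata it trusts rather than from anything the client claims.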
Slide 21: Convenience & Security
Figure: Security versus Convenience chart, plotting Password and Password + OTP.
Slide 22: Convenience & Security
Figure: Security versus Convenience chart, plotting Password, Password + OTP and FIDO.
• In FIDO: Same user verification method for all servers
• In FIDO: Arbitrary user verification methods are supported (+ they are interoperable)
Slide 23: Convenience & Security
Figure: Security versus Convenience chart, plotting Password, Password + OTP and FIDO.
• In FIDO: Scalable security depending on Authenticator implementation
• In FIDO: Only public keys on server; Not phishable
Slide 24: Conclusion
• Different authentication use-cases lead to different authentication requirements
• FIDO separates user verification from authentication and hence supports all user verification methods
• FIDO supports scalable convenience & security
• User verification data is known to Authenticator only
• FIDO complements federation
Slide 25: What about rubber fingers?
Protection methods in FIDO
1. The attacker needs access to the Authenticator and has to swipe the rubber finger on it. This makes it a non-scalable attack.
2. Authenticators might implement presentation attack detection methods.
Remember: Creating hundreds of millions of rubber fingers + stealing the related authenticators is expensive. Stealing hundreds of millions of passwords from a server has low cost per password.
Slide 26: But I can't revoke my finger…
Protection methods in FIDO
You don't need to revoke your finger, you can simply de-register the old (= attacked) authenticator. Then:
1. Get a new authenticator
2. Enroll your finger (or iris, …) to it
3. Register the new authenticator to the service