getting to know the fido specifications - technical tutorial
TRANSCRIPT
GETTING TO KNOW THE FIDO SPECIFICATIONS
Rolf Lindemann, Senior Director Products & Technology, Nok Nok Labs
All Rights Reserved | FIDO Alliance | Copyright 2016.
How Secure is Authentication?
Cloud Authentication
(Slide diagram: a Device performing "Something" authentication over the Internet against cloud authentication backed by Risk Analytics.)
Password Issues
(Slide diagram: a Device performing "Something" authentication over the Internet.)
1. Password could be stolen from the server
2. Password might be entered into untrusted App / Web-site (“phishing”)
3. Too many passwords to remember (> re-use / cart abandonment)
4. Inconvenient to type password on phone
Classifying Threats
1. Remotely attacking central servers: steal data for impersonation
2. Remotely attacking lots of user devices: steal data for impersonation
3. Remotely attacking lots of user devices: misuse them for impersonation
4. Remotely attacking lots of user devices: misuse authenticated sessions
5. Physically attacking user devices: steal data for impersonation
6. Physically attacking user devices: misuse them for impersonation
Attacks 1 to 4 are remote and therefore scalable attacks. Physical attacks (5 and 6) are possible on lost or stolen devices (3% in the US in 2013).
How does FIDO work?
(Slide diagram: on the Device, User verification unlocks the Authenticator, which performs FIDO Authentication towards the server; the keys may be held in a secure element (SE).)
• Require user gesture before private key can be used
• The server sends a Challenge; the Authenticator returns a (Signed) Response
• Private key dedicated to one app; the matching Public key is held by that app's server
How does FIDO work?
(Slide diagram: Authenticator, User verification, FIDO Authentication.)
• Same Authenticator as registered before?
• Same User as enrolled before?
Can recognize the user (i.e. user verification), but doesn’t know its identity attributes.
Identity binding to be done outside FIDO: This is “John Doe with customer ID X”.
How does FIDO work?
(Slide diagram: Authenticator, User verification, FIDO Authentication, SE.)
• How is the key protected (TPM, SE, TEE, …)?
• Which user verification method is used?
Attestation & Metadata
(Slide diagram: during FIDO Registration the Authenticator produces a Signed Attestation Object using its Private attestation key; the server consults Metadata.)
• Verify using trust anchor included in Metadata
• Understand Authenticator security characteristics by looking into Metadata from mds.fidoalliance.org (or other sources)
FIDO Authenticator Concept
FIDO Authenticator:
• User Verification / Presence
• Attestation Key: injected at manufacturing, doesn’t change
• Authentication Key(s): generated at runtime (on Registration)
• Optional Components: Transaction Confirmation Display
Trusted Execution Environment (TEE): the FIDO Authenticator runs as a Trusted Application (TA) holding User Verification / Presence, the Attestation Key and the Authentication Key(s).
Client Side Biometrics: Store at Enrollment; Compare at Authentication; Unlock after comparison.
Passwordless Experience (UAF Standards)
1. Authentication Challenge
2. Biometric User Verification*
3. Authenticated Online
Second Factor Experience (U2F Standards)
1. Authentication Challenge
2. Second Factor Challenge: Insert Dongle* / Press Button
3. Authenticated Online
*There are other types of authenticators
U2F Registration
(Sequence between Relying Party, FIDO Client / Browser and U2F Authenticator. Notation: a = AppID; fc = final challenge built by the client from challenge, origin, channel id, etc.; h = key handle; s = signature.)
1. Relying Party -> FIDO Client: AppID, challenge
2. FIDO Client: check AppID; build fc from challenge, origin, channel id, etc.
3. FIDO Client -> U2F Authenticator: a, fc
4. U2F Authenticator: generate key kpub, key kpriv, handle h; return kpub, h, attestation cert, signature(a, fc, kpub, h)
5. FIDO Client -> Relying Party: fc, kpub, h, attestation cert, s
6. Relying Party: store key kpub, handle h; set cookie
U2F Authentication
(Sequence between Relying Party, FIDO Client / Browser and U2F Authenticator; same notation as for registration, cntr = signature counter.)
1. Relying Party -> FIDO Client: handle h, AppID, challenge
2. FIDO Client: check AppID; build fc from challenge, origin, channel id, etc.
3. FIDO Client -> U2F Authenticator: h, a, fc
4. U2F Authenticator: retrieve key kpriv from handle h; cntr++; return cntr, signature(a, fc, cntr)
5. FIDO Client -> Relying Party: cntr, fc, s
6. Relying Party: retrieve key kpub from handle h; check signature using key kpub; set cookie
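The U2F authentication exchange above as an added Go example (not FIDO Alliance code, and a simplified hash-then-sign layout rather than the U2F wire format): the authenticator retrieves kpriv by handle h, increments cntr and signs (a, fc, cntr) with a P-256 key; the relying party, holding only kpub, checks the signature and requires the counter to increase strictly. Assumed: a is the SHA-256 of the AppID and fc the SHA-256 of the client data; the attestation certificate check of registration is left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
)

type Authenticator struct {
	keys map[string]*ecdsa.PrivateKey // key handle h -> kpriv, created at registration
	cntr map[string]uint32            // per-key signature counter ("cntr" on the slide)
}
type RelyingParty struct {
	keys    map[string]*ecdsa.PublicKey // h -> kpub: only public keys on the server
	lastCnt map[string]uint32           // highest counter accepted per handle
}

// signData is what both sides hash and sign/verify: a | fc | cntr (big endian).
func signData(a, fc []byte, cntr uint32) []byte {
	sum := sha256.Sum256(binary.BigEndian.AppendUint32(append(append([]byte{}, a...), fc...), cntr))
	return sum[:]
}

// Register: fresh P-256 key pair under a random handle; the RP keeps only kpub and h.
func Register(au *Authenticator, rp *RelyingParty) string {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	hb := make([]byte, 16)
	rand.Read(hb)
	h := string(hb)
	au.keys[h], au.cntr[h] = k, 0
	rp.keys[h], rp.lastCnt[h] = &k.PublicKey, 0
	return h
}
// Authenticate: retrieve kpriv from h, cntr++, return cntr and signature(a, fc, cntr).
func (au *Authenticator) Authenticate(h string, a, fc []byte) (uint32, []byte) {
	au.cntr[h]++
	s, _ := ecdsa.SignASN1(rand.Reader, au.keys[h], signData(a, fc, au.cntr[h]))
	return au.cntr[h], s
}
// Verify: kpub by h, signature check, and cntr must increase (a stalled counter means clone or replay).
func (rp *RelyingParty) Verify(h string, a, fc []byte, cntr uint32, s []byte) bool {
	kpub, ok := rp.keys[h]
	if !ok || cntr <= rp.lastCnt[h] || !ecdsa.VerifyASN1(kpub, signData(a, fc, cntr), s) {
		return false
	}
	rp.lastCnt[h] = cntr
	return true
}
```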
Registration Overview
Perform legacy authentication first, in order to bind the authenticator to an electronic identity, then perform FIDO registration.
FIDO SERVER: Send Registration Request
• Policy
• Random Challenge
FIDO CLIENT: Start registration
FIDO AUTHENTICATOR: Verify user; Generate key pair; Sign attestation object (signed by attestation key):
• Public key
• AAID
• Hash(FinalChallenge)
• Name of relying party
FIDO SERVER: Verify signature; Check AAID against policy; Store public key
AAID = Authenticator Attestation ID, i.e. model ID
FinalChallenge = AppID | FacetID | channelBinding | serverChallenge
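Added Go example (not FIDO Alliance code) of the registration steps above from the authenticator's signing step to the server's checks: it builds FinalChallenge, signs an attestation object (public key, AAID, Hash(FinalChallenge), relying party name) with the attestation key, and the server checks the AAID against its policy and the signature against the trust anchor from metadata before returning the public key to store. Assumed: P-256 ECDSA, a "|" separator in FinalChallenge, plain field concatenation for the signed object, metadata modelled as a map from AAID to attestation public key, and constructed AAID values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)
func hash(b []byte) []byte { s := sha256.Sum256(b); return s[:] }
func FinalChallenge(appID, facetID, channelBinding, serverChallenge string) []byte {
	return []byte(appID + "|" + facetID + "|" + channelBinding + "|" + serverChallenge)
}

// AttestationObject is what the authenticator signs with its attestation key.
type AttestationObject struct {
	Pub  *ecdsa.PublicKey // new Uauth public key, generated for this registration
	AAID string           // authenticator model ID
	FCH  []byte           // Hash(FinalChallenge)
	RP   string           // name of the relying party
	Sig  []byte
}
func (o *AttestationObject) digest() []byte {
	d := sha256.New()
	for _, p := range [][]byte{o.Pub.X.FillBytes(make([]byte, 32)), o.Pub.Y.FillBytes(make([]byte, 32)), []byte(o.AAID), o.FCH, []byte(o.RP)} {
		d.Write(p)
	}
	return d.Sum(nil)
}
// Attest is the authenticator side; attKey was injected at manufacturing and never changes.
func Attest(attKey *ecdsa.PrivateKey, aaid, rp string, fc []byte) (*ecdsa.PrivateKey, *AttestationObject) {
	uauth, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	o := &AttestationObject{Pub: &uauth.PublicKey, AAID: aaid, FCH: hash(fc), RP: rp}
	o.Sig, _ = ecdsa.SignASN1(rand.Reader, attKey, o.digest())
	return uauth, o
}

type Server struct {
	Metadata map[string]*ecdsa.PublicKey // metadata trust anchor per AAID (assumed model)
	Policy   map[string]bool             // AAIDs the registration policy allows
}

// VerifyRegistration: Hash(FinalChallenge) matches, AAID allowed, attestation valid under the model's trust anchor.
func (s *Server) VerifyRegistration(o *AttestationObject, fc []byte) (*ecdsa.PublicKey, bool) {
	anchor, known := s.Metadata[o.AAID]
	if string(hash(fc)) != string(o.FCH) || !s.Policy[o.AAID] || !known ||
		!ecdsa.VerifyASN1(anchor, o.digest(), o.Sig) {
		return nil, false
	}
	return o.Pub, true
}
```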
Authentication Overview
FIDO SERVER: Send Authentication Request
• Policy
• Random Challenge
• Opt: TransactionText
FIDO CLIENT: Start authentication
FIDO AUTHENTICATOR: Verify user; Opt: Display TransactionText; Sign signData object (signature with Uauth key):
• Signature alg
• Hash(FinalChallenge)
• Opt: Hash(TransactionText)
• Signature counter
• Authenticator random
FIDO SERVER: Verify signature; Check AAID against policy
FinalChallenge = AppID | FacetID | channelBinding | serverChallenge
Convenience & Security
(Slide chart plotting Security against Convenience for Password, Password + OTP and FIDO.)
• In FIDO: Same user verification method for all servers
• In FIDO: Arbitrary user verification methods are supported (+ they are interoperable)
• In FIDO: Scalable security depending on Authenticator implementation
• In FIDO: Only public keys on server; Not phishable
Conclusion
• Different authentication use-cases lead to different authentication requirements
• FIDO separates user verification from authentication and hence supports all user verification methods
• FIDO supports scalable convenience & security
• User verification data is known to Authenticator only
• FIDO complements federation
What about rubber fingers?
Protection methods in FIDO:
1. Attacker needs access to the Authenticator and must swipe the rubber finger on it. This makes it a non-scalable attack.
2. Authenticators might implement presentation attack detection methods.
Remember: Creating hundreds of millions of rubber fingers + stealing the related authenticators is expensive. Stealing hundreds of millions of passwords from a server has low cost per password.
But I can’t revoke my finger…
Protection methods in FIDO: You don’t need to revoke your finger, you can simply de-register the old (= attacked) authenticator. Then,
1. Get a new authenticator
2. Enroll your finger (or iris, …) to it
3. Register the new authenticator to the service