FIDO Specifications Tutorial

Transcript of FIDO Specifications Tutorial

Page 1: FIDO Specifications Tutorial

FIDO Specification Tutorial
Jerrod Chong, Yubico

All Rights Reserved | FIDO Alliance | Copyright 2016

Page 2: FIDO Specifications Tutorial

How Secure is Authentication?

Passwords: broken.
Phishing: widespread.
Existing options: inadequate.

Page 3: FIDO Specifications Tutorial

Online Authentication

(Diagram: a user device reaches a service over the Internet; the service performs "something" authentication backed by risk analytics.)

Page 4: FIDO Specifications Tutorial

Password Issues

(Diagram: the device sends a password over the Internet to the service; the four issues below are numbered on it.)

1. The password could be stolen from the server.
2. The password might be entered into an untrusted app or website ("phishing").
3. Too many passwords to remember (leads to re-use and cart abandonment).
4. Inconvenient to type a password on a phone.

Page 5: FIDO Specifications Tutorial

Classifying Threats

1. Remotely attacking central servers: steal data for impersonation.
2. Remotely attacking lots of user devices: steal data for impersonation.
3. Remotely attacking lots of user devices: misuse them for impersonation.
4. Remotely attacking lots of user devices: misuse authenticated sessions.
5. Physically attacking user devices: steal data for impersonation.
6. Physically attacking user devices: misuse them for impersonation.

Scalable: the remote attacks (1 to 4).

63% of confirmed data breaches involved leveraging weak, default or stolen passwords.*

* 2016 Verizon Data Breach Investigations Report

Page 6: FIDO Specifications Tutorial

How does FIDO work?

(Diagram: Authenticator with user verification on the left, FIDO authentication against the relying party on the right.)

User verification: require a user gesture before the private key can be used.
FIDO authentication: the server sends a challenge; the authenticator returns a (signed) response.
The private key is dedicated to one app; the server holds only the matching public key.

Page 7: FIDO Specifications Tutorial

How does FIDO work?

(Same diagram; the box holding the private key is labelled "…SE", a secure element.)

Page 8: FIDO Specifications Tutorial

How does FIDO work?

(Same diagram, with the two questions the relying party needs answered at each authentication.)

Same authenticator as registered before?
Same user as enrolled before?

Page 9: FIDO Specifications Tutorial

How does FIDO work?

(Same diagram, with two further questions about the authenticator itself.)

How is the key protected (TPM, SE, TEE, …)?
Which user verification method is used?

Page 10: FIDO Specifications Tutorial

Attestation & Metadata

(Diagram: the FIDO Authenticator sends a signed attestation object to the FIDO Server; the server consults FIDO Metadata.)

FIDO Server:
- Verify the trust anchor (available from the Metadata Service or another source).
- Understand the authenticator's characteristics (using info from metadata or another source).

Page 11: FIDO Specifications Tutorial

(Diagram comparing the two user experiences.)

Single Factor Experience (UAF standards): 1. authentication challenge; 2. biometric user verification*; 3. authenticated online.
Second Factor Experience (U2F standards): 1. second factor challenge; 2. insert dongle* / press button; 3. authenticated online.

*There are other types of authenticators.

Page 12: FIDO Specifications Tutorial

U2F: Authentication

(Sequence diagram between Device, Client and Relying Party.)

1. Relying Party -> Client -> Device: challenge
2. Device: sign with kpriv; s = signature(challenge)
3. Device -> Client -> Relying Party: s
4. Relying Party: look up kpub; check signature s using kpub

Page 13: FIDO Specifications Tutorial

U2F: Phishing/MitM Protection

(Sequence diagram between Device, Client and Relying Party.)

1. Relying Party -> Client: challenge
2. Client -> Device: c = (challenge, origin, channel id)
3. Device: sign with kpriv; s = signature(c)
4. Device -> Client -> Relying Party: c, s
5. Relying Party: look up kpub; check s using kpub; verify origin and channel id

The origin and channel id are filled in by the client (the browser), not by the web page, so a phishing site cannot substitute the genuine origin; the relying party rejects any response whose origin is not its own, even if the signature over it is valid.

Page 14: FIDO Specifications Tutorial

U2F: Application-Specific Keys

(Sequence diagram between Device, Client and Relying Party.)

1. Relying Party -> Client: handle h, app id a, challenge
2. Client: check app id; c = (challenge, origin, channel id, etc.)
3. Client -> Device: h, a, c
4. Device: look up the kpriv associated with h; sign with kpriv; s = signature(a, c)
5. Device -> Client -> Relying Party: c, s
6. Relying Party: look up the kpub associated with h; check s using kpub; verify origin and channel id

Page 15: FIDO Specifications Tutorial

U2F: Registration + Device Attestation

(Sequence diagram between Device, Client and Relying Party.)

1. Relying Party -> Client: app id a, challenge
2. Client: check app id; c = (challenge, origin, channel id, etc.)
3. Client -> Device: a, c
4. Device: generate kpub, kpriv and handle h; s = signature(a, c, kpub, h) under the device's attestation key
5. Device -> Client: kpub, h, attestation cert, s
6. Client -> Relying Party: c, kpub, h, attestation cert, s
7. Relying Party: verify s with the attestation cert (whose trust anchor comes from metadata, see Page 10), then associate kpub with handle h for the user

Page 16: FIDO Specifications Tutorial

(This slide repeats the comparison of the single-factor (UAF) and second-factor (U2F) experiences from Page 11.)

Page 17: FIDO Specifications Tutorial

Registration Overview

Perform legacy authentication first, in order to bind the authenticator to an electronic identity, then perform FIDO registration.

FIDO SERVER -> FIDO CLIENT: send registration request (policy, random challenge).
FIDO CLIENT -> FIDO AUTHENTICATOR: start registration.
FIDO AUTHENTICATOR: verify user; generate key pair; sign the attestation object (public key, AAID, Hash(FinalChallenge), name of relying party) with the attestation key.
FIDO SERVER: verify signature; check AAID against policy; store public key.

AAID = Authenticator Attestation ID, i.e. model ID
FinalChallenge = AppID | FacetID | channelBinding | serverChallenge

Page 18: FIDO Specifications Tutorial

Authentication Overview

FIDO SERVER -> FIDO CLIENT: send authentication request (policy, random challenge, optional TransactionText).
FIDO CLIENT -> FIDO AUTHENTICATOR: start authentication.
FIDO AUTHENTICATOR: verify user; optionally display the TransactionText; sign the signData object (signature algorithm, Hash(FinalChallenge), optional Hash(TransactionText), signature counter, authenticator random) with the Uauth key.
FIDO SERVER: verify signature; check AAID against policy.

FinalChallenge = AppID | FacetID | channelBinding | serverChallenge

The signature counter is what lets the server notice a cloned authenticator: a counter that has not increased since the last accepted assertion for that key should be rejected.

Page 19: FIDO Specifications Tutorial

Convenience & Security

(Chart with axes Security and Convenience, plotting Password and Password + OTP.)

Page 20: FIDO Specifications Tutorial

Common Authentication Stack

(Same chart, with FIDO added.)

In FIDO: the same user verification method works for all servers.
In FIDO: arbitrary user verification methods are supported and interoperable.

Page 21: FIDO Specifications Tutorial

Scalable

(Same chart.)

In FIDO: scalable security, depending on the authenticator implementation.
In FIDO:
• Only public keys on the server
• One authenticator to many services
• Not phishable

Page 22: FIDO Specifications Tutorial

Conclusion

• Different authentication use-cases lead to different authentication requirements
• FIDO separates user verification from authentication and hence supports all user verification methods
• Simple, single-gesture authentication
• FIDO supports scalable convenience & security
• User verification data is known to the authenticator only
• FIDO complements federation