U2F Case Study: Examining the U2F Paradox
Uploaded by fido-alliance. Category: Technology.
Transcript of U2F Case Study: Examining the U2F Paradox
5
Didn’t We Solve This Already?
• SMS OTP: Coverage, Delay, Cost, Battery, Policy
• Devices: One per site, Provisioning costs, Battery
• Smart Cards: Readers/drivers, Middleware, Cost
6
• Bad user experience: users find it hard to use
• Still phishable: successful attacks carried out today
• MitM: successful attacks carried out today
• And...
7
Why U2F?
• Simple
– To register and authenticate: a simple touch!
– No drivers or client software to install
• Secure
– Public key cryptography
– Protects against phishing and man-in-the-middle
• Scalable
– One U2F device, many services
• Protects Privacy
– No secrets shared between service providers
Registration
1. Server sends challenge
2. Device generates key pair
3. Device creates key handle
4. Device signs challenge + client info
5. Server receives and verifies device signature using attestation cert
6. Key handle and public key are stored in database

Authentication
1. Server sends challenge + key handle
2. Device unwraps/derives private key from key handle
3. Device signs challenge + client info
4. Server receives and verifies using stored public key
Individual with U2F Device, Relying Party
17
Authentication
Participants: U2F Device, Client, Relying Party
Relying Party → Client: challenge
Client → U2F Device: challenge
U2F Device: Sign with kpriv, s = signature(challenge)
U2F Device → Client: s
Client → Relying Party: s
Relying Party: Lookup kpub; Check signature (s) using kpub
18
Phishing/MitM Protection
Participants: U2F Device, Client, Relying Party
Relying Party → Client: challenge
Client → U2F Device: c = challenge, origin, channel id
U2F Device: Sign with kpriv, s = signature(c)
U2F Device → Client: s
Client → Relying Party: c, s
Relying Party: Lookup kpub; Check s using kpub; Verify origin & channel id
19
Application-Specific Keys
Participants: U2F Device, Client, Relying Party
Relying Party → Client: handle h, app id a, challenge
Client: Check app id
Client → U2F Device: h, a; c = challenge, origin, channel id, etc.
U2F Device: Lookup the kpriv associated with h; Sign with kpriv, s = signature(a, c)
U2F Device → Client: s
Client → Relying Party: h, c, s
Relying Party: Lookup the kpub associated with h; Check s using kpub; Verify origin & channel id
20
Device Cloning
Participants: U2F Device, Client, Relying Party
Relying Party → Client: handle h, app id a, challenge
Client: Check app id
Client → U2F Device: h, a; c = challenge, origin, channel id, etc.
U2F Device: Lookup the kpriv associated with h; counter++; Sign with kpriv, s = signature(a, c, counter)
U2F Device → Client: counter, s
Client → Relying Party: h, counter, c, s
Relying Party: Lookup the kpub associated with h; Check s using kpub; Verify origin, channel id & counter
21
Registration + Device Attestation
Participants: U2F Device, Client, Relying Party
Relying Party → Client: app id a, challenge
Client: Check app id
Client → U2F Device: a; c = challenge, origin, channel id, etc.
U2F Device: Generate kpub, kpriv, handle h; s = signature(a, c, kpub, h)
U2F Device → Client: kpub, h, attestation cert, s
Client → Relying Party: c, kpub, h, attestation cert, s
Relying Party: Associate kpub with handle h for user
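The registration and authentication flows on slides 17 to 21, together with the step lists above, carried out in code. This is an added example written for this transcript, not Yubico's, Google's or the FIDO Alliance's code: it uses the Go standard library's ECDSA on P-256 for both the per-site key pair and the attestation key, and the names Device, RelyingParty, ClientStep, regDigest and authDigest are its own. Three simplifications are assumptions of the example rather than U2F as specified: a key-handle map on the device stands in for wrapping kpriv into the handle; the client's app id check is reduced to "one origin per app id"; and the channel id is left out of the client data. The byte layouts signed at registration and authentication follow the shape of the U2F raw messages (app id hash, flags, counter, client data hash) but are this example's own, not the specification's.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// ClientData is what the client (browser) binds in before the device signs.
type ClientData struct {
	Challenge string `json:"challenge"` // from the relying party
	Origin    string `json:"origin"`    // where the request really came from
}

// Device models the token; the map stands in for "unwrap/derive kpriv from key handle".
type Device struct {
	attest  *ecdsa.PrivateKey // attestation key, shared by a batch of devices
	keys    map[string]*ecdsa.PrivateKey
	counter uint32 // one counter per device, never decreases
}

type RelyingParty struct { // one kpub per key handle plus the last counter accepted
	appID     string
	attestPub *ecdsa.PublicKey
	keys      map[string]*ecdsa.PublicKey
	counters  map[string]uint32
}

func newKey() *ecdsa.PrivateKey          { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
func sha(parts ...[]byte) []byte          { h := sha256.Sum256(bytes.Join(parts, nil)); return h[:] }
func pubBytes(p *ecdsa.PublicKey) []byte { return elliptic.Marshal(elliptic.P256(), p.X, p.Y) }
func (cd ClientData) hash() []byte        { b, _ := json.Marshal(cd); return sha(b) }

// ClientStep is the client's "check app id": refuse an origin the app id does not allow
// (simplified here to one origin per app id), otherwise bind the origin to the challenge.
func ClientStep(appID, origin, challenge string) (ClientData, error) {
	if origin != appID {
		return ClientData{}, fmt.Errorf("origin %q not allowed for app id %q", origin, appID)
	}
	return ClientData{Challenge: challenge, Origin: origin}, nil
}

// regDigest is what the attestation key signs: H(0x00 | H(a) | H(c) | h | kpub).
func regDigest(appID string, cd ClientData, pub *ecdsa.PublicKey, handle string) []byte {
	return sha([]byte{0x00}, sha([]byte(appID)), cd.hash(), []byte(handle), pubBytes(pub))
}

// authDigest is what kpriv signs: H(H(a) | flags | counter | H(c)); flag 0x01 is user presence, the touch.
func authDigest(appID string, cd ClientData, ctr uint32) []byte {
	return sha(sha([]byte(appID)), []byte{0x01, byte(ctr >> 24), byte(ctr >> 16), byte(ctr >> 8), byte(ctr)}, cd.hash())
}

// Register: a fresh key pair and handle for this app id, vouched for by the attestation key.
func (d *Device) Register(appID string, cd ClientData) (handle string, pub *ecdsa.PublicKey, sig []byte) {
	k := newKey()
	handle = fmt.Sprintf("%x", sha(pubBytes(&k.PublicKey))[:16]) // opaque to the relying party
	d.keys[handle] = k
	sig, _ = ecdsa.SignASN1(rand.Reader, d.attest, regDigest(appID, cd, &k.PublicKey, handle))
	return handle, &k.PublicKey, sig
}

// FinishRegistration: verify under the attestation cert's key, then store kpub for h.
func (rp *RelyingParty) FinishRegistration(cd ClientData, handle string, pub *ecdsa.PublicKey, sig []byte) error {
	if !ecdsa.VerifyASN1(rp.attestPub, regDigest(rp.appID, cd, pub, handle), sig) {
		return errors.New("attestation signature invalid: not a device from a trusted batch")
	}
	rp.keys[handle] = pub
	return nil
}

// Authenticate: look up kpriv by handle, bump the counter, sign (a, c, counter).
func (d *Device) Authenticate(handle, appID string, cd ClientData) (uint32, []byte, error) {
	k := d.keys[handle]
	if k == nil {
		return 0, nil, errors.New("unknown key handle")
	}
	d.counter++
	sig, _ := ecdsa.SignASN1(rand.Reader, k, authDigest(appID, cd, d.counter))
	return d.counter, sig, nil
}

// Verify: origin must be the RP's own, the counter must grow, the signature must check under kpub.
func (rp *RelyingParty) Verify(handle string, cd ClientData, ctr uint32, sig []byte) error {
	pub := rp.keys[handle]
	switch {
	case cd.Origin != rp.appID:
		return errors.New("origin mismatch: request relayed through another site")
	case ctr <= rp.counters[handle]:
		return errors.New("counter did not increase: replay or cloned device")
	case pub == nil || !ecdsa.VerifyASN1(pub, authDigest(rp.appID, cd, ctr), sig):
		return errors.New("unknown key handle or signature invalid")
	}
	rp.counters[handle] = ctr
	return nil
}
```

Each check on the slides maps to one error path: the client refuses to bind a challenge to an origin the app id does not allow (phishing page), the relying party rejects client data whose origin is not its own even when the device's signature is valid (relayed request), rejects an assertion whose counter has not grown past the last one it accepted (replay or a cloned device), and rejects a registration whose attestation signature does not verify under the key it trusts (a device from outside the expected batch). The block has no main function; drive it from a Go test that builds one Device and one RelyingParty trusting its attestation key, registers once, authenticates once, and then presents the same assertion a second time.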
23
Resources
• Strengthen 2 step verification with Security Key: Google security blog
• Yubico Security Key: yubico.com/security-key
• Yubico Libraries, Plugins, Sample Code, Documentation: developers.yubico.com
• FIDO U2F Protocol Specification: fidoalliance.org/specifications
• Yubico Demo Server - Test U2F: demo.yubico.com/u2f
• Yubico Demo Server - Test Yubico OTP: demo.yubico.com