Internet is Global. 120m. 300m 1.3bn Users. 160m. 300m. 289m

Transcription

1 UAF Protocol

2

3 Internet is Global 120m 300m 1.3bn Users 160m 289m 300m #Users 2014 Google: 2013 Twitter: 2015

4 Devices without physical keyboard

5 How Secure is Authentication?

6 Cloud Authentication

7 Password Issues Password might be entered into untrusted App / Web-site ( phishing ) Password could be stolen from the server Inconvenient to type password on phone Too many passwords to remember re-use / cart abandonment

8 OTP Issues OTP vulnerable to realtime MITM and MITB attacks Inconvenient to type OTP on phone OTP HW tokens are expensive and people don t want another device SMS security questionable, especially when Device is the phone

9

10 Attack Classes 5 6 Physical attacks possible on lost or stolen devices ( 3% in the US in 2013) Physically attacking user devices steal data for impersonation Physically attacking user devices misuse them for impersonation Remotely attacking lots of user devices Remotely attacking lots of user devices Remotely attacking lots of user devices Scalable attacks steal data for impersonation misuse them for impersonation misuse authenticated sessions 1 Remotely attacking central servers steal data for impersonation

11 Summary 1. Passwords are insecure and inconvenient especially on mobile devices 2. Alternative authentication methods are silos and hence don t scale to large scale user populations 3. The required security level of the authentication depends on the use 4. Risk engines need information about the explicit authentication security for good decision

12 How does FIDO work? Device

13 How does FIDO UAF work? SE

14 How does FIDO UAF work? Same User as enrolled before? Same Authenticator as registered before? Can recognize the user (i.e. user verification), but doesn t have an identity proof of the user.

15 How does FIDO UAF work? Identity binding to be done outside FIDO: This this John Doe with customer ID X. Same User as enrolled before? Same Authenticator as registered before? Can recognize the user (i.e. user verification), but doesn t have an identity proof of the user.

16 How does FIDO UAF work? How is the key protected (TPM, SE, TEE, )? What user verification method is used? SE

17 Attestation & Metadata FIDO AUTHENTICATOR FIDO SERVER Signed Attestation Object Verify using trust anchor included in Metadata Understand Authenticator security characteristic by looking into Metadata (and potentially other sources) Metadata

18 How does FIDO UAF work? 6. Use site-specific keys in order to protect privacy 4. Provide cryptographic proof of authenticator model 3. Store public keys on the server (no secrets) 2. Define policy of acceptable Authenticators 8. Use channel binding to protect against MITM 7. Verify user before signing authentication response 5. Generate key pair in Authenticator to protect against phishing 1. Use Metadata to understand Authenticator model security characteristic

19 FIDO Building Blocks

20 Registration Overview FIDO CLIENT Send Registration Request: - Policy - Random Challenge FIDO SERVER FIDO AUTHENTICATOR Start registration Verify signature Check AAID against policy Store public key Verify user Generate key pair Sign attestation object: Public key AAID Random Challenge Name of relying party Signed by attestation key AAID = Authenticator Attestation ID, i.e. model ID

21 Registration Overview (2) Relying Party foo.com Physical Identity Know Your Customer rules Legacy Authentication WEB Application { userid=1234, jane@mail.com, known since 03/05/04, payment history=xx, } Virtual Identity FIDO AUTHENTICATOR AAID y key for foo.com: 0xfa4731 Registration FIDO SERVER Link new Authenticator to existing userid { userid=1234, pubkey=0x43246, AAID=x +pubkey=0xfa4731, AAID=y }

22 UAF Authentication

23 UAF Authentication

24 UAF Authentication

25 UAF Authentication

26 UAF Authentication

27 UAF Authentication

28 UAF Authentication Pat Johnson

29 UAF Authentication SignedData: SignatureAlg Hash(FinalChallenge) Authenticator random Signature Counter Signature Pat Johnson 650 Castro Street Mountain View, CA United States FinalChallenge=AppID FacetID channelbinding challenge

30 UAF Authentication Pat Johnson Payment complete! Return to the merchant s web site to continue shopping Return to the merchant

31 Transaction Confirmation SignedData: SignatureAlg Hash(FinalChallenge) Authenticator random Signature Counter Hash(Transaction Text) Signature FinalChallenge=AppID FacetID channelbinding challenge

32 The FIDO Authenticator Concept Injected at manufacturing, doesn t change FIDO Authenticator User Verification / Presence Attestation Key Transaction Confirmation Display Authentication Key(s) Optional Components Generated at runtime (on Registration)

33 Using Secure Hardware FIDO Authenticator in SIM Card User Verification (PIN) SIM Card Attestation Key Authentication Key(s)

34 Client Side Biometrics Trusted Execution Environment (TEE) FIDO Authenticator as Trusted Application (TA) User Verification / Presence Attestation Key Store at Enrollment Authentication Key(s) Compare at Authentication Unlock after comparison

35 Combining TEE and SE Trusted Execution Environment (TEE) FIDO Authenticator as Trusted Application (TA) e.g. GlobalPlatform Trusted UI User Verification / Presence Transaction Confirmation Display Secure Element Attestation Key Authentication Key(s)

36 FIDO & Federation First Mile Second Mile

37 FIDO Ready TM Products Shipping today OEM Enabled: Samsung Galaxy S5 smartphone & Galaxy Tab S tablets OEM Enabled: Lenovo ThinkPads with Fingerprint Sensors Clients available for these operating systems: Software Authenticator Examples: Speaker/Face recognition, PIN, QR Code, etc. Aftermarket Hardware Authenticator Examples: USB fingerprint scanner, MicroSD Secure Element

38 FIDO is used Today

39 Conclusion Different authentication use-cases lead to different authentication requirements Today, we have authentication silos FIDO separates user verification from authentication protocol and hence supports all user verification methods FIDO supports scalable security and convenience User verification data is known to Authenticator only FIDO complements federation Consider developing or piloting FIDO-based authentication solutions Dr. Rolf Lindemann, Nok Nok Labs,

40 UAF Registration

41 UAF Registration

42 UAF Registration

43 UAF Registration

44 UAF Registration

45 UAF Registration

46 UAF Registration Pat Johnson Link your fingerprint

47 UAF Registration Pat Johnson Link your fingerprint

48 UAF Registration Pat Johnson Link your fingerprint Key Registration Data: Hash(FinalChallenge) AAID Public key KeyID Registration Counter Signature Counter Signature (attestation key) FinalChallenge=AppID FacetID channelbinding challenge

49 UAF Registration Pat Johnson