FIDO TECHNICAL OVERVIEW. All Rights Reserved FIDO Alliance Copyright 2018

Transcription

1 FIDO TECHNICAL OVERVIEW 1

2 HOW SECURE IS AUTHENTICATION? 2

3 CLOUD AUTHENTICATION Risk Analytics Something Device Internet Authentication 3

4 PASSWORD ISSUES 2 Password might be entered into untrusted App / Website ( phishing ) 1 Password could be stolen from the server 4 Inconvenient to type password on phone Something Device Internet Authentication 3 Too many passwords to remember (>re-use / cart Abandonment) 4

5 OTP ISSUES 1 OTP vulnerable to realtime MITM and MITB attacks 4 Inconvenient to type OTP into phone Internet Something Device Authentication 3 OTP HW tokens are expensive and people don t want another device 2 SMS security questionable, especially when Device is the phone 5 All Rights Reserved FIDO Alliance Copyright 2017

6 HOW SECURE IS AUTHENTICATION? 6

7 HOW SECURE IS AUTHENTICATION? Scalable Attacks Attacks require physical action not scalable Things are never 100% secure, so focus on adequate security. Focus on the scalable attacks first. 7

8 HOW DOES FIDO WORK? 8

9 HOW DOES FIDO WORK? User verification Authenticator Device FIDO Authentication 9

10 FIDO AUTHENTICATORS We see Bound Authenticators, i.e. authenticators that are an integral part of a smartphone or laptop. We see Roaming Authenticators, i.e. authenticators that can be connected to different smartphones or laptops using CTAP. In both categories you find support for different modalities Verify User Presence Verify User 10

11 HOW DOES FIDO WORK? Challenge User verification Authenticator FIDO Authentication Require user gesture before private key can be used Private key dedicated to one app (Signed) Response Public key 11

12 HOW DOES FIDO WORK? Same User as enrolled before? Same Authenticator as registered before? User verification Authenticator FIDO Authentication Can recognize the user (i.e. user verification), but doesn t know its identity attributes. 12

13 HOW DOES FIDO WORK? Same User as enrolled before? Same Authenticator as registered before? Identity binding to be done outside FIDO: This this John Doe with customer ID X. User verification Authenticator FIDO Authentication Can recognize the user (i.e. user verification), but doesn t know its identity attributes. 13

14 FIDO & Federation First Mile Second Mile FIDO USER DEVICE IdP Service Provider BROWSER / APP FIDO Protocol FEDERATION SERVER Federation FIDO CLIENT Id DB FIDO AUTHENTICATOR FIDO SERVER Knows details about the Authentication strength Knows details about the Identity and its verification strength. 14

15 FIDO ECOSYSTEM User verification Authenticator FIDO Authentication SE 15

16 FIDO ECOSYSTEM How is the key protected (TPM, SE, TEE, )? Which user verification method is used? User verification Authenticator FIDO Authentication SE 16

17 ATTESTATION + METADATA Signed Attestation Object Relying parties can store this for auditing purposes Metadata FIDO Registration Private attestation key Verify using trust anchor included in Metadata Understand Authenticator security characteristic by looking into Metadata from mds.fidoalliance.org 17

18 BINDING KEYS TO RELYING PARTIES A calc B A docs FIDO Platform Client determines the caller and (AppID/RP passes it ID) to and the Authenticator passes it to the for Authenticator selecting for selecting correct the key. correct key. Use A-corp.com key Use B-corp.com key B a-corp One Account All Applications As Mobile App & Web App b-corp A calc A docs 18

19 FIDO AUTHENTICATORS FIDO has an Authenticator Certification program. Different certification levels address the needs to protect against scalable and physical attacks. See 19

20 HOW DOES FIDO WORK? PSD2: PSU FIDO: User User Environment PSD2: (no equivalent) FIDO: Challenge PSD2: ASPSP FIDO: Relying Party User gesture before private key can be used (Touch, PIN entry, Biometric) Authenticator PSD2: Personalized Security Credential FIDO: Private key PSD2: Authentication Code FIDO: (Signed) Response PSD2: (no equivalent) FIDO: Public key Local user verification step On-line authentication step 20

21 FIDO AUTHENTICATOR CONCEPT Optional Components Injected at manufacturing, doesn t change FIDO Authenticator User Verification / Presence Transaction Confirmation Display Attestation Key Authentication Key(s) Generated at runtime (on Registration) 21

22 FIDO BUILDING BLOCKS USER DEVICE RP App FIDO Authentication FIDO Client ASM RP App Server (Bound) Authenticator (External) Authenticator FIDO Server Metadata 22

23 FIDO USE CASES Passwordless Experience 1? 2 3 Authentication Challenge Biometric User Verification* Authenticated Online Second Factor Experience Second Factor Challenge Insert Dongle* / Press Button Authenticated Online *There are other types of authenticators (e.g. PIN) 23

24 FIDO BUILDING BLOCKS User Device Web Authentication JS API RP App Browser FIDO Authentication Platform (Bound) Authenticator CTA P (Roaming) Authenticator RP App Server FIDO Server Metadata 24

25 WEB AUTHENTICATION JavaScript API that enables FIDO Authentication directly in web browsers Supported In: 25

26 FIDO AUTHENTICATION: SECURITY & CONVENIENCE 26

27 CONVENIENCE & SECURITY Security Password Convenience 27

28 CONVENIENCE & SECURITY Security Password + OTP Password Convenience 28

29 CONVENIENCE & SECURITY Security In FIDO Same user verification method for all servers FIDO Password + OTP Password In FIDO: Arbitrary user verification methods are supported (+ they are interoperable) Convenience 29

30 CONVENIENCE & SECURITY Security In FIDO: Scalable security depending on Authenticator implementation FIDO Password + OTP Password In FIDO: Only public keys on server Not phishable Convenience 30

31 CONCLUSION Different authentication use-cases lead to different authentication requirements FIDO separates user verification from authentication and hence supports all user verification methods FIDO supports scalable convenience & security User verification data is known to Authenticator only FIDO complements federation 31

32 FIDO REGISTRATION Authenticator select Authenticator according to copts; determine rpid, get tlsdata; clientdata := {challenge, origin, rpid, halg, tlsdata} copts: crypto params, credential black list, extensions accountinfo, challenge, [copts] ai verify user generate: key k pub key k priv credential c rpid, ai, hash(clientdata), cryptop, [exts] cdh c,k pub,clientdata,ac,cdh,rpid,cntr,aaguid[,exts], signature(tbs) ac: attestation certificate chain s tbs c,k pub,clientdata,ac,tbs, s store: key k pub c 32

33 FIDO AUTHENTICATION Authenticator select Authenticator according to policy; check rpid, get tlsdata (i.e. channel id, etc.); lookup key handle h; clientdata := {challenge, rpid, tlsdata} challenge, [aopts] Relying Party verify user find key k priv cntr++; process exts rpid, [c,] hash(clientdata) cdh clientdata,cntr,[exts],signature(cdh,cntr,exts) s clientdata, cntr, exts, s lookup k pub from DB check: exts + signature using key k pub 33