1 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION
2 Data Breaches are out of control
3 IN 2014: 708 data breaches; 82 million personal records stolen; $3.5 million average cost per breach
4 We have a PASSWORD PROBLEM
5 TOO MANY TO REMEMBER, DIFFICULT TO TYPE, AND TOO VULNERABLE: Re-used, Phished, Keylogged
6 Adding more authentication has largely been rejected by users
7 ONE-TIME PASSCODES Improve security but aren't easy enough: SMS Reliability, Token Necklace, Poor User Experience, Still Phishable
8 WE NEED A NEW MODEL: Fast IDentity Online
9 THE OLD PARADIGM [chart: SECURITY vs. USABILITY; labels: OTP 2FA Passwords PINs]
10 THE FIDO PARADIGM [chart: SECURITY (Weak to Strong) vs. USABILITY (Poor to Good); labels: OTP 2FA Passwords PINs]
11 MODERN AUTHENTICATION: Single Sign-On; Federation; Authentication (Passwords, Strong, Risk-Based); User Management; Physical-to-digital identity
12 HOW DOES FIDO WORK? USER VERIFICATION FIDO AUTHENTICATION AUTHENTICATOR
13 Passwordless Experience (FIDO UAF Standards): 1. Transaction Detail ($10,000, Transfer Now) 2. User Authentication 3. Done (Success). Second Factor Experience (FIDO U2F Standards): 1. Login & Password 2. Insert dongle, Press Button 3. Done (Success)
14 FIDO Registration: 1. Registration Begins 2. User Approval 3. New Key Created 4. Key Registered using Public Key Cryptography
15 FIDO Login: 1. Login (Login Challenge) 2. User Approval 3. Key Selected 4. Login Complete (Login Response using Public Key Cryptography)
16 online authentication using public key cryptography
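The registration and login flows on slides 14 and 15, as an added Node.js sketch that is not part of the original deck or of any FIDO specification. It is a simplified model, not the UAF/U2F wire format: the class names, the `rpId` values, the user name and the choice of ECDSA P-256 are assumptions made for illustration.

```javascript
// Added illustration: simplified model of FIDO registration and login (hypothetical names).
const nodeCrypto = require('node:crypto');

class Authenticator {
  constructor() { this.keys = new Map(); }   // private keys stay on the device
  register(rpId) {                           // registration: a new key pair per relying party
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  sign(rpId, challenge, userApproved) {      // login: key selected only after user approval
    const key = this.keys.get(rpId);
    if (!userApproved || !key) return null;
    // Assumption of this sketch: the relying party id is signed together with the challenge.
    return nodeCrypto.sign('sha256', Buffer.concat([Buffer.from(rpId), challenge]), key);
  }
}

class RelyingParty {
  constructor(rpId) { this.rpId = rpId; this.publicKeys = new Map(); this.pending = new Map(); }
  storeKey(user, pem) { this.publicKeys.set(user, pem); }  // the server holds no secret
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verifyLogin(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user);               // single use: a replayed response fails
    const pem = this.publicKeys.get(user);
    if (!challenge || !pem || !signature) return false;
    return nodeCrypto.verify('sha256', Buffer.concat([Buffer.from(this.rpId), challenge]), pem, signature);
  }
}

function demo() {                            // constructed relying parties and user
  const device = new Authenticator();
  const bank = new RelyingParty('bank.example');
  const shop = new RelyingParty('shop.example');
  bank.storeKey('alice', device.register(bank.rpId));
  shop.storeKey('alice', device.register(shop.rpId));
  const sig = device.sign(bank.rpId, bank.newChallenge('alice'), true);
  const login = bank.verifyLogin('alice', sig);
  const replay = bank.verifyLogin('alice', sig);        // challenge already consumed
  shop.newChallenge('alice');
  const crossSite = shop.verifyLogin('alice', sig);     // other service, other key
  const noApproval = device.sign(bank.rpId, bank.newChallenge('alice'), false);
  const distinctKeys = bank.publicKeys.get('alice') !== shop.publicKeys.get('alice');
  return { login, replay, crossSite, noApproval, distinctKeys };
}
```

Each relying party stores only a public key, and the two services receive different keys for the same user, which is what the later "No Secrets on the Server side" and "No link-ability" slide relies on.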
17 THE BUILDING BLOCKS FIDO USER DEVICE BROWSER/APP RELYING PARTY WEB SERVER FIDO CLIENT TLS Server Key FIDO SERVER FIDO UPDATE ASM FIDO AUTHENTICATOR Cryptographic authentication key reference DB Authenticator Metadata & attestation trust store Authentication keys Attestation keys METADATA SERVICE
18 ATTESTATION & METADATA: FIDO Authenticator sends a Signed Attestation Object; FIDO Server verifies it using the trust anchor included in Metadata. Understand Authenticator security characteristics by looking into Metadata (and potentially other sources)
19 FIDO UNIVERSAL 2ND FACTOR: USER VERIFICATION (Is a user present?); FIDO AUTHENTICATION (Same authenticator as registered before?); AUTHENTICATOR
20 Step 1 U2F AUTHENTICATION DEMO EXAMPLE
21 Step 2 U2F AUTHENTICATION DEMO EXAMPLE
22 Step 3 U2F AUTHENTICATION DEMO EXAMPLE
23 Step 4 U2F AUTHENTICATION DEMO EXAMPLE
24 FIDO UNIVERSAL AUTHENTICATION FRAMEWORK UAF Same User as enrolled before? Same Authenticator as registered before? USER VERIFICATION FIDO AUTHENTICATION AUTHENTICATOR
25 STEP 1 UAF AUTHENTICATION DEMO EXAMPLE
26 STEP 2 UAF AUTHENTICATION DEMO EXAMPLE
27 STEP 3 UAF AUTHENTICATION DEMO EXAMPLE
28 STEP 4 UAF AUTHENTICATION DEMO EXAMPLE
29 USABILITY, SECURITY and PRIVACY
30 No 3rd Party in the Protocol; No Secrets on the Server side; Biometric data (if used) never leaves device; No link-ability between Services or Accounts
31 Better Security for online services; Reduced cost for the enterprise; Simple & Safe for consumers
32 The FIDO Alliance is an open association of more than 180 diverse member organizations
33 Online Services Chip Providers Device Providers Biometrics Vendors Enterprise Servers Platform Providers Board Members
34 FIDO TIMELINE FIDO 1.0 FINAL Specification FIDO Ready Program Specification Review Draft First UAF & U2F Deployments Alliance Announced FEB 2013 (6 Members) DEC 2013 (59 Members) FEB 2014 (84 Members) FEB-OCT 2014 (129 Members) DEC 9 2014 (152 Members)
35 News from the front The significance of early 2015 announcements
36 FIDO in Windows 10: Windows used by 1.5 billion users; Windows 10 in 190 countries by Q3; Free upgrade
37 FIDO in Healthcare: First healthcare deployment; Physician access to health records; up to 50 million Healthcare users
38 2014 Deployments: PayPal continues FIDO enablement in improved mobile wallet app. Google has FIDO in Chrome and 2-Step Verification. Samsung adds touch to Galaxy S6 and ships FIDO on all Galaxy devices.
39 A range of FIDO PRODUCTS is now available
40 Online Services Chip Providers Device Providers Biometrics Technology Providers Implementing 1.0 Specifications (this is only a subset of active implementations) Enterprise Servers Open Source Mobile Apps/Clients WWW Browsers
41 JOIN THE FIDO ALLIANCE
42 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION