FIDO U2F UAF Tutorial v1 PDF

U2F & UAF Tutorial
How Secure is Authentication?

2014 1.2bn?
2013 397m
Dec. 2013 145m
Oct. 2013 130m
May 2013 22m
April 2013 50m
March 2013 50m

Cloud Authentication
Password Issues
1 2
Password might be Password could be stolen
entered into untrusted from the server
App / Web-site
(“phishing”)
4
Inconvenient to type
password on phone
3
Too many passwords to
remember
à re-use / cart
abandonment
OTP Issues
1
OTP vulnerable to real-
time MITM and MITB
attacks
4
Inconvenient to type OTP
on phone
3
OTP HW tokens are
expensive and people
don’t want another device
2
SMS security questionable,
especially when Device is the
phone
Implementation Challenge
A Plumbing Problem
User Verification Methods Applications Organizations
Silo 1
App 1
Silo 2
Silo 3
App 2
Silo N
? ? New
App
Authentication Needs
Do you want to login?
Do you want to transfer $100 to Frank?
Do you want to ship to a new address?
Do you want to delete all of your emails?
Do you want to share your dental record?
Authentication today:
Ask user for a password
(and perhaps a one time code)
Authentication & Risk Engines
Purpose Geolocation …
(from IP addr.)
Explicit Authentication
Authentication Risk Engine

Server
Summary
1.  Passwords are insecure and inconvenient

especially on mobile devices
2.  Alternative authentication methods are silos
and hence don‘t scale to large scale user
populations
3.  The required security level of the
authentication depends on the use
4.  Risk engines need information about the
explicit authentication security for good
decision
How does FIDO work?
Device
FIDO Experiences
ONLINE AUTH REQUEST Local USER Verification SUCCESS
PASSWORDLESS EXPERIENCE (UAF standards)
Transaction Detail Show a biometric or PIN Done
SECOND FACTOR EXPERIENCE (U2F standards)
Login & Password Insert Dongle, Press button Done

FIDO Universal 2nd Factor (U2F)
How does FIDO U2F work?
Verify user …
presence
Is a user Same Authenticator

present? as registered before?
Can verify user

presence
How does FIDO UAF work?
Identity binding to be
done outside FIDO:
This this “John Doe
with customer ID X”.
Same Authenticator
Same User as as registered before?
enrolled before?
Can recognize the

user (i.e. user
verification), but
doesn’t have an
identity proof of
the user.
How is the key protected?
Verify user …
presence
U2F Protocol
•  Core idea: Standard public key cryptography:
o  User's device mints new key pair, gives public key to server
o  Server asks user's device to sign data to verify the user.
o  One device, many services, "bring your own device" enabled
•  Lots of refinement for this to be consumer facing:
o  Privacy: Site specific keys, No unique ID per device
o  Security: No phishing, man-in-the-middles
o  Trust: Verify who made the device
o  Pragmatics: Affordable today, ride hardware cost curve down
o  Speed for user: Fast crypto in device (Elliptic Curve)
Think "Smartcard re-designed for modern consumer

web"
U2F Registration
FIDO Client / Relying
U2F Authenticator Browser Party
AppID, challenge
check AppID a
a; challenge, origin, channel id, etc.

generate:
key kpub
fc
key kpriv
handle h
kpub, h, attestation cert, signature(a,fc,kpub,h)
s fc, kpub, h, attestation cert, s

cookie store:
key kpub
handle h
U2F Authentication
FIDO Client / Relying
U2F Authenticator Browser Party
handle, AppID, challenge
check AppID h a
h, a; challenge, origin, channel id, etc.

retrieve
retrieve: key kpub
key kpriv fc from
from handle h
handle h;
cntr++
cntr, signature(a,fc,cntr)
s cntr, fc, s
check
signature
using
key kpub
set cookie
User Presence API: Registration
{"typ":"register",
"challenge":"KSDJsdASAS-‐AIS_AsS",
"cid_pubkey": {
"kty":"EC",
"crv":"P-‐256",
"x":"HzQwlfXX7Q4S5MtCRMzPO9tOyWjBqRl4tJ8",
"y":"XVguGFLIZx1fXg375hi4-‐7-‐BxhMljw42Ht4"
},
navigator.handleRegistrationRequest({
"origin":"https://accounts.google.com"
} ‘challenge’: ‘KSDJsdASAS-‐AIS_AsS’,
‘app_id’: ‘https://www.google.com/facets.json’},
callback);

callback = function(response) {
sendToServer(
response[‘clientData’],
response[‘tokenData’]);
};
User Presence API: Auth.
{
"typ":"authenticate",
"challenge":"KSDJsdASAS-‐AIS_AsS",
"cid_pubkey": {
"kty":"EC",
"crv":"P-‐256",
navigator.handleAuthenticationRequest({
"x":"HzQwlfXX7Q4S5MtCRMzPO9tOyWjBqRl4tJ8",
"y":"XVguGFLIZx1fXg375hi4-‐7-‐BxhMljw42Ht4"
‘challenge’: ‘KSDJsdASAS-‐AIS_AsS’,
},
‘app_id’: ‘https://www.google.com/facets.json’,
"origin":"https://accounts.google.com"
}
‘key_handle’: ‘JkjhdsfkjSDFKJ_ld-‐sadsAJDKLSAD’},
callback);

callback = function(response) {
sendToServer(
response[‘clientData’],
response[‘tokenData’]);
};
Authentication Example
FIDO Universal Authentication
Framework (UAF)
FIDO Experiences
ONLINE AUTH REQUEST Local USER Verification SUCCESS
PASSWORDLESS EXPERIENCE (UAF standards)
Transaction Detail Show a biometric or PIN Done
SECOND FACTOR EXPERIENCE (U2F standards)
Login & Password Insert Dongle, Press button Done

… …
SE
Same Authenticator
enrolled before?
Can recognize the

user (i.e. user
verification), but
doesn’t have an
identity proof of
the user.
Identity binding to be
done outside FIDO:
This this “John Doe
with customer ID X”.
Same Authenticator
enrolled before?
Can recognize the

user (i.e. user
verification), but
doesn’t have an
identity proof of
the user.
How is the key protected
(TPM, SE, TEE, …)?
What user verification
method is used?
… …
SE
Attestation & Metadata
FIDO AUTHENTICATOR FIDO SERVER
Signed Attestation Object
Verify using trust anchor

included in Metadata
Understand Authenticator
security characteristic
by looking into Metadata
(and potentially other sources) Metadata
UAF Registration
Device Relying Party
FIDO App Web FIDO
Authenticator App Server
0 Prepare
UAF Registration
FIDO App Web FIDO

0 Prepare
UAF Registration
FIDO App Web FIDO

0 Prepare
UAF Registration
FIDO App Web FIDO

0 Prepare
Legacy Auth +
1
Initiate Reg.
UAF Registration
FIDO App Web FIDO

0 Prepare
Legacy Auth +
1
Initiate Reg.
UAF Registration
FIDO App Web FIDO

0 Prepare
Legacy Auth +
1
Initiate Reg.
Reg. Request
2
+ Policy

UAF Registration
Pat Johnson
pat@example.com FIDO App Web FIDO
Link your fingerprint
0 Prepare
Legacy Auth +
1
Initiate Reg.
Reg. Request
2
+ Policy

UAF Registration
Pat Johnson
0 Prepare
Legacy Auth +
1
Initiate Reg.
Reg. Request
2
+ Policy

UAF Registration
Pat Johnson
0 Prepare
Legacy Auth +
1
Initiate Reg.
Reg. Request
2
+ Policy

3
Verify User &
Generate New
Key Pair
(specific to RP Webapp)
UAF Registration
Pat Johnson
0 Prepare
Legacy Auth +
1
Initiate Reg.
Reg. Request
2
+ Policy
Reg.

4
Response
3
Verify User &
Generate New
Key Pair
UAF Registration
Pat Johnson
0 Prepare
Key Registration Data:
•  Hash(FinalChallenge) Legacy Auth +
1
•  AAID Initiate Reg.
•  Public key Reg. Request
2
•  KeyID + Policy
•  Registration Counter Reg.

4
•  Signature Counter Response
•  Signature (attestation key)
FinalChallenge=Hash(AppID | FacetID
| tlsData | challenge) 3
Verify User &
Generate New
Key Pair
UAF Registration
Pat Johnson
0 Prepare
Legacy Auth +
1
Initiate Reg.
Reg. Request
2
+ Policy
Reg.

4
Response
5
Success

3
Verify User &
Generate New
Key Pair
FIDO Building Blocks
FIDO USER DEVICE TLS Server Key RELYING PARTY
BROWSER / APP UAF Protocol

WEB SERVER
FIDO CLIENT
Cryptographic FIDO SERVER
authentication key
reference DB
ASM Authentication
keys
FIDO AUTHENTICATOR
Attestation key
Update
Authenticator
Metadata &
attestation trust
store Metadata Service
AAID & Attestation
FIDO Authenticator
Using HW based crypto AAID 1

Based on FP Sensor X
Attestation Key 1
FIDO Authenticator
Pure SW based implementation AAID 2

Based on Face Recognition alg. Y
Attestation Key 2
AAID: Authenticator Attestation ID (=model name)

Privacy & Attestation
FIDO SERVER RP1
Model A
Bob’s FIDO Authenticator
Using HW based crypto Serial #

Model A
Based on FP Sensor X
FIDO SERVER RP2
Model A
Attestation & Metadata
FIDO AUTHENTICATOR FIDO SERVER
Signed Attestation Object
Verify using trust anchor

included in Metadata
Understand Authenticator
security characteristic
by looking into Metadata
(and potentially other sources) Metadata
Facet ID / AppID
UAF Authentication
FIDO App Web FIDO

0 Prepare
UAF Authentication
FIDO App Web FIDO

0 Prepare
UAF Authentication
FIDO App Web FIDO

0 Prepare
UAF Authentication
FIDO App Web FIDO

0 Prepare
UAF Authentication
FIDO App Web FIDO

0 Prepare
Initiate
1
Authentication
UAF Authentication
FIDO App Web FIDO

0 Prepare
Initiate
1
Authentication
Auth. Request
2
with Challenge

UAF Authentication
FIDO App Web FIDO

0 Prepare
Initiate
1
Authentication
Auth. Request
2
with Challenge
Just a sec – our
secure payment

technology is
working its magic.
UAF Authentication
FIDO App Web FIDO

Pat Johnson Authenticator App Server
pat@example.com 0 Prepare
Initiate
1
Authentication
Auth. Request
2
with Challenge

Verify User &

Sign Challenge
(Key specific to RP
Webapp)
UAF Authentication
FIDO App Web FIDO

0 Prepare
Initiate
1
Authentication
Auth. Request
2
with Challenge
Pat Johnson
650 Castro Street Auth.

4
Response
Mountain View, CA 94041
United States
Verify User &

Sign Challenge
(Key specific to RP
Webapp)
UAF Authentication
FIDO App Web FIDO

0 Prepare
SignedData: Initiate
1
•  SignatureAlg Authentication
•  Hash(FinalChallenge) Auth. Request
2
•  Authenticator random with Challenge
• Castro
Signature
Pat Johnson
650 Street Counter Auth.

4
•  States
Signature
Mountain View, CA 94041
United Response
| tlsData | challenge)
3
Verify User &

Sign Challenge
(Key specific to RP
Webapp)
UAF Authentication
Pat Johnson
0 Prepare
Initiate
1
Authentication
Auth. Request
Payment complete! 2
with Challenge
Return to the merchant’s web site to Auth.

continue shopping 4
Response
5
Return to the merchant Success

3
Verify User &

Sign Challenge
(Key specific to RP
Webapp)
Transaction Confirmation
FIDO Browser Web FIDO
Authenticator or Native App Server
App 1 Initiate Transaction
Authentication Request
2
+ Transaction Text

4
Authentication Response
+ Text Hash,
signed by User’s private key 5
3 Validate
Display Text, Verify Response &
User & Unlock Text Hash
Private Key using User’s Public
(specific to User + RP Webapp) Key

Transaction Confirmation
FIDO Browser Web FIDO
Authenticator or Native App Server
App 1 Initiate Transaction
SignedData:
•  SignatureAlg Authentication Request
2
•  Hash(FinalChallenge) + Transaction Text
•  Authenticator random
•  Signature Counter
•  Hash(Transaction
4 Text) Authentication Response
•  Signature + Text Hash,
signed by User’s private key 5
3 Validate
| tlsData | challenge)
Display Text, Verify Response &
User & Unlock Text Hash
Private Key using User’s Public
(specific to User + RP Webapp) Key

The FIDO Authenticator Concept
Injected at
manufacturing,
doesn’t change
FIDO Authenticator
User
Verification /
Attestation Key
Presence
Transaction
Confirmation Authentication Key(s)
Display
Optional Generated at
Components runtime (on
Registration)
Using Secure Hardware
FIDO Authenticator in SIM Card
SIM Card
User Verification
(PIN) Attestation Key
Authentication Key(s)
Client Side Biometrics
Trusted Execution Environment (TEE)
FIDO Authenticator as Trusted Application (TA)
User Verification / Presence

Attestation Key
Store at Enrollment
Authentication Key(s)
Compare at Authentication
Unlock after comparison
Combining TEE and SE
Trusted Execution Environment (TEE)
FIDO Authenticator as Trusted Application (TA)
User Secure Element

Verification /
Attestation Key
Presence
e.g. GlobalPlatform
Trusted UI
Transaction
Confirmation Authentication Key(s)
Display
UAF Specifications
FIDO & Federation
Source: Paul Madsen, FIDO Seminar, May 2014
Complementary
•  FIDO •  Federation
o  Insulates o  Insulates applications
authentication server from identity providers
from specific
authenticators o  Does not address
o  Focused solely on primary authentication
primary authentication o  Does enable secondary
o  Does not support authentication &
attribute sharing attribute sharing
o  Can communicate
o  Can communicate details of authentication
details of from IdP to SP
authentication to
server

FIDO & Federation
First Mile Second Mile
FIDO USER DEVICE IdP Service Provider
BROWSER / APP UAF Protocol

FEDERATION SERVER Federation

FIDO CLIENT

Id DB
FIDO
AUTHENTICATOR FIDO SERVER
Knows details about the

Knows details about the Identity and its verification
Authentication strength
strength.
FIDO & Federation
High
SSO slide
Assurance
federatio
n No more
‘Password123‘
bump
status
quo
Low
High Frequency of login Low

FIDO & Federation
High
Assurance
FIDO Continuum
federatio
n
status
quo
Low

FIDO & Federation
High
FIDO +
Assurance
FIDO federatio
n
federatio
n
status
quo
Low

FIDO at Industry Event – Readiness
SIM as Secure Element
Fingerprint, TEE, Mobile
Speaker Recognition
Mobile via NFC
PIN + MicroSD
USB
FIDO ReadyTM Products Shipping today
OEM Enabled: Samsung Galaxy S5 smartphone & Galaxy Tab S OEM Enabled: Lenovo ThinkPads with
tablets Fingerprint Sensors
Clients available for these operating systems:
Software Authenticator Examples: Aftermarket Hardware Authenticator Examples:

Speaker/Face recognition, PIN, QR Code, etc. USB fingerprint scanner, MicroSD Secure Element
FIDO is used Today
Conclusion
•  Different authentication use-cases lead to different
authentication requirements
•  Today, we have authentication silos
•  FIDO separates user verification from authentication
protocol and hence supports all user verification
methods
•  FIDO supports scalable security and convenience
•  User verification data is known to Authenticator only
•  FIDO complements federation
è Consider developing or piloting FIDO-based
authentication solutions
Dr. Rolf Lindemann, Nok Nok Labs, rolf@noknok.com

FIDO U2F UAF Tutorial v1 PDF

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

FIDO U2F UAF Tutorial v1 PDF

Caricato da

Copyright:

Formati disponibili

U2F & UAF Tutorial

How Secure is Authentication?

Dec. 2013 145m

Oct. 2013 130m

May 2013 22m

April 2013 50m

March 2013 50m

User Verification Methods Applications Organizations

Do you want to login?

Do you want to transfer $100 to Frank?

Do you want to ship to a new address?

Do you want to delete all of your emails?

Do you want to share your dental record?

Authentication Risk Engine

1. Passwords are insecure and inconvenient

PASSWORDLESS EXPERIENCE (UAF standards)

Transaction Detail Show a biometric or PIN Done

SECOND FACTOR EXPERIENCE (U2F standards)

Login & Password Insert Dongle, Press button Done

Is a user Same Authenticator

Can verify user

Can recognize the

How is the key protected?

Think "Smartcard re-designed for modern consumer

a; challenge, origin, channel id, etc.

kpub, h, attestation cert, signature(a,fc,kpub,h)

s fc, kpub, h, attestation cert, s

h, a; challenge, origin, channel id, etc.

PASSWORDLESS EXPERIENCE (UAF standards)

Transaction Detail Show a biometric or PIN Done

SECOND FACTOR EXPERIENCE (U2F standards)

Login & Password Insert Dongle, Press button Done

Can recognize the

Can recognize the

FIDO AUTHENTICATOR FIDO SERVER

Signed Attestation Object

Verify using trust anchor

FIDO App Web FIDO

FIDO App Web FIDO

FIDO App Web FIDO

FIDO App Web FIDO

FIDO App Web FIDO

BROWSER / APP UAF Protocol

Using HW based crypto AAID 1

Pure SW based implementation AAID 2

AAID: Authenticator Attestation ID (=model name)

Bob’s FIDO Authenticator

Using HW based crypto Serial #

FIDO AUTHENTICATOR FIDO SERVER

Signed Attestation Object

Verify using trust anchor

FIDO App Web FIDO

FIDO App Web FIDO

FIDO App Web FIDO

FIDO App Web FIDO

FIDO App Web FIDO

FIDO App Web FIDO

FIDO App Web FIDO

FIDO App Web FIDO

Verify User &

FIDO App Web FIDO

Verify User &

1.  Passwords are insecure and inconvenient