FIDO Specifications Overview: UAF & U2F
6 likes2,733 views
The document discusses the security issues surrounding traditional authentication methods, highlighting vulnerabilities such as phishing and password theft. It introduces the FIDO (Fast Identity Online) framework, which utilizes public key cryptography to enhance authentication security by separating user verification from authentication. The FIDO protocol supports various user verification methods and aims to provide a passwordless experience while ensuring convenience and security.
FIDO Specifications Overview: UAF & U2F
- 2. How Secure is Authentication?
- 3. How Secure is Authentication?
- 4. How Secure is Authentication?
- 6. Password might be entered into untrusted App / Web-site (“phishing”) Password could be stolen from the server Too many passwords to remember re-use / cart abandonment Inconvenient to type password on phone Password Issues
- 7. Classifying Threats Remotely attacking central servers steal data for impersonation 1 Physically attacking user devices misuse them for impersonation 6 Physically attacking user devices steal data for impersonation 5 Remotely attacking lots of user devices steal data for impersonation Remotely attacking lots of user devices misuse them for impersonation Remotely attacking lots of user devices misuse authenticated sessions 2 3 4 Scalable attacks Physical attacks possible on lost or stolen devices (3% in the US in 2013)
- 8. How does FIDO work? Device
- 9. How does FIDO work? Private key dedicated to one App Public key challenge (signed) response Require user gesture before private key can be used
- 10. How does FIDO work? … …SE
- 11. How does FIDO work? Can recognize the user (i.e. user verification), but doesn’t know its identity attributes. Same Authenticator as registered before? Same User as enrolled before?
- 12. How does FIDO work? Identity binding to be done outside FIDO: This this “John Doe with customer ID X”. Can recognize the user (i.e. user verification), but doesn’t know its identity attributes. Same Authenticator as registered before? Same User as enrolled before?
- 13. How does FIDO work? … …SE How is the key protected (TPM, SE, TEE, …)? Which user verification method is used?
- 14. Attestation & Metadata Metadata Signed Attestation Object Verify using trust anchor included in Metadata Understand Authenticator security characteristic by looking into Metadata from mds.fidoalliance.org (or other sources) Private attestation key
- 15. Passwordless Experience (UAF Standards) Second Factor Experience (U2F Standards) Authenticated Online 3 Biometric User Verification* 2 Authentication Challenge 1 ? Authenticated Online 3 Second Factor Challenge 1 Insert Dongle* / Press Button 2 *There are other types of authenticators
- 16. Relying Party AppID, challenge a; challenge, origin, channel id, etc. a generate: key kpub key kpriv handle h kpub, h, attestation cert, signature(a,fc,kpub,h) fc, kpub, h, attestation cert, s cookie store: key kpub handle h s FIDO Client / BrowserU2F Authenticator check AppID fc U2F Registration
- 17. U2F Authenticator FIDO Client / Browser Relying Party h, a; challenge, origin, channel id, etc. retrieve: key kpriv from handle h; cntr++ cntr, signature(a,fc,cntr) cntr, fc, s check signature using key kpub s fc a handle, AppID, challenge U2F Authentication hcheck AppID set cookie retrieve key kpub from handle h
- 18. Passwordless Experience (UAF Standards) Second Factor Experience (U2F Standards) Authenticated Online 3 Biometric User Verification* 2 Authentication Challenge 1 ? Authenticated Online 3 Second Factor Challenge 1 Insert Dongle* / Press Button 2 *There are other types of authenticators
- 19. Registration Overview FIDO AUTHENTICATOR FIDO SERVER FIDO CLIENT Send Registration Request: - Policy - Random Challenge Start registration Verify user Generate key pair Sign attestation object: • Public key • AAID • Hash(FinalChallenge) • Name of relying party Signed by attestation key Verify signature Check AAID against policy Store public key AAID = Authenticator Attestation ID, i.e. model ID FinalChallenge=AppID | FacetID | channelBinding | serveChallenge Perform legacy authentication first, in order to bind authenticator to an electronic identity, then perform FIDO registration.
- 20. Authentication Overview FIDO AUTHENTICATOR FIDO SERVER FIDO CLIENT Send Authentication Request: - Policy - Random Challenge - Opt: TransactionText Start authentication Verify user Opt: Display TransactionText Sign signData object: • Signature alg • Hash(FinalChallenge) • Opt: Hash(TransactionText) • Signature counter • Authenticator random Signature (Uauth key) Verify signature Check AAID against policy FinalChallenge=AppID | FacetID | channelBinding | serveChallenge
- 22. Convenience & Security Convenience Security Password Password + OTP FIDO In FIDO: • Same user verification method for all servers In FIDO: Arbitrary user verification methods are supported (+ they are interoperable)
- 23. Convenience & Security Convenience Security Password Password + OTP FIDO In FIDO: • Only public keys on server • Not phishable In FIDO: Scalable security depending on Authenticator implementation
- 24. Conclusion • Different authentication use-cases lead to different authentication requirements • FIDO separates user verification from authentication and hence supports all user verification methods • FIDO supports scalable convenience & security • User verification data is known to Authenticator only • FIDO complements federation Rolf Lindemann, Nok Nok Labs, [email protected]