U2F & UAF Tutorial How Secure is Authentication? 2014 1.2bn? 2013 397m
Dec. 2013 145m
Oct. 2013 130m
May 2013 22m
April 2013 50m
March 2013 50m Cloud Authentication Password Issues 1 2 Password might be Password could be stolen entered into untrusted from the server App / Web-site (“phishing”)
4 Inconvenient to type password on phone
3 Too many passwords to remember à re-use / cart abandonment OTP Issues 1 OTP vulnerable to real- time MITM and MITB attacks
4 Inconvenient to type OTP on phone
3 OTP HW tokens are expensive and people 2 don’t want another device SMS security questionable, especially when Device is the phone Implementation Challenge A Plumbing Problem
User Verification Methods Applications Organizations
Silo 1
Silo 2 App 1
Silo 3 App 2
Silo N ? ? New App Authentication Needs
Do you want to login?
Do you want to transfer $100 to Frank?
Do you want to ship to a new address?
Do you want to delete all of your emails?
Do you want to share your dental record?
Authentication today: Ask user for a password (and perhaps a one time code) Authentication & Risk Engines
Purpose Geolocation … (from IP addr.)
Explicit Authentication
Authentication Risk Engine Server Summary
1. Passwords are insecure and inconvenient especially on mobile devices 2. Alternative authentication methods are silos and hence don‘t scale to large scale user populations 3. The required security level of the authentication depends on the use 4. Risk engines need information about the explicit authentication security for good decision How does FIDO work?
Device FIDO Experiences
ONLINE AUTH REQUEST Local USER Verification SUCCESS PASSWORDLESS EXPERIENCE (UAF standards)
Transaction Detail Show a biometric or PIN Done SECOND FACTOR EXPERIENCE (U2F standards)
Login & Password Insert Dongle, Press button Done FIDO Universal 2nd Factor (U2F) How does FIDO U2F work?
Verify user … presence How does FIDO U2F work?
Is a user Same Authenticator present? as registered before?
Can verify user presence How does FIDO UAF work? Identity binding to be done outside FIDO: This this “John Doe with customer ID X”.
Same Authenticator Same User as as registered before? enrolled before?
Can recognize the user (i.e. user verification), but doesn’t have an identity proof of the user. How does FIDO U2F work?
How is the key protected?
Verify user … presence U2F Protocol
• Core idea: Standard public key cryptography: o User's device mints new key pair, gives public key to server o Server asks user's device to sign data to verify the user. o One device, many services, "bring your own device" enabled • Lots of refinement for this to be consumer facing: o Privacy: Site specific keys, No unique ID per device o Security: No phishing, man-in-the-middles o Trust: Verify who made the device o Pragmatics: Affordable today, ride hardware cost curve down o Speed for user: Fast crypto in device (Elliptic Curve)
Think "Smartcard re-designed for modern consumer web" U2F Registration FIDO Client / Relying U2F Authenticator Browser Party
AppID, challenge
check AppID a
a; challenge, origin, channel id, etc. generate: key k pub fc key kpriv handle h
kpub, h, attestation cert, signature(a,fc,kpub,h)
s fc, kpub, h, attestation cert, s cookie store:
key kpub handle h U2F Authentication FIDO Client / Relying U2F Authenticator Browser Party handle, AppID, challenge
check AppID h a
h, a; challenge, origin, channel id, etc. retrieve retrieve: key kpub key kpriv fc from from handle h handle h; cntr++ cntr, signature(a,fc,cntr)
s cntr, fc, s
check signature using
key kpub set cookie User Presence API: Registration
{"typ":"register", "challenge":"KSDJsdASAS-AIS_AsS", "cid_pubkey": { "kty":"EC", "crv":"P-256", "x":"HzQwlfXX7Q4S5MtCRMzPO9tOyWjBqRl4tJ8", "y":"XVguGFLIZx1fXg375hi4-7-BxhMljw42Ht4" navigator.handleRegistrationRequest }, ({ "origin":"https://accounts.google.com" } ‘challenge’: ‘KSDJsdASAS-AIS_AsS’, ‘app_id’: ‘https://www.google.com/facets.json’}, callback); callback = function(response) { sendToServer( response[‘clientData’], response[‘tokenData’]); }; User Presence API: Auth.
{ "typ":"authenticate", "challenge":"KSDJsdASAS-AIS_AsS", "cid_pubkey": { "kty":"EC", "crv":"P-256", navigator.handleAuthenticationRequest "x":"HzQwlfXX7Q4S5MtCRMzPO9tOyWjBqRl4tJ8", ({ "y":"XVguGFLIZx1fXg375hi4-7-BxhMljw42Ht4" ‘challenge’: ‘KSDJsdASAS-AIS_AsS’, }, " origin‘app_id":"https://accounts.google.com" ’: ‘https://www.google.com/facets.json’, } ‘key_handle’: ‘JkjhdsfkjSDFKJ_ld-sadsAJDKLSAD’}, callback); callback = function(response) { sendToServer( response[‘clientData’], response[‘tokenData’]); }; Authentication Example Authentication Example Authentication Example Authentication Example FIDO Universal Authentication Framework (UAF) FIDO Experiences
ONLINE AUTH REQUEST Local USER Verification SUCCESS PASSWORDLESS EXPERIENCE (UAF standards)
Transaction Detail Show a biometric or PIN Done SECOND FACTOR EXPERIENCE (U2F standards)
Login & Password Insert Dongle, Press button Done How does FIDO UAF work?
… … SE How does FIDO UAF work?
Same Authenticator Same User as as registered before? enrolled before?
Can recognize the user (i.e. user verification), but doesn’t have an identity proof of the user. How does FIDO UAF work? Identity binding to be done outside FIDO: This this “John Doe with customer ID X”.
Same Authenticator Same User as as registered before? enrolled before?
Can recognize the user (i.e. user verification), but doesn’t have an identity proof of the user. How does FIDO UAF work?
How is the key protected (TPM, SE, TEE, …)? What user verification method is used?
… … SE Attestation & Metadata
FIDO AUTHENTICATOR FIDO SERVER Signed Attestation Object
Verify using trust anchor included in Metadata
Understand Authenticator security characteristic by looking into Metadata (and potentially other sources) Metadata UAF Registration Device Relying Party
FIDO App Web FIDO Authenticator App Server 0 Prepare UAF Registration
FIDO App Web FIDO Authenticator App Server 0 Prepare UAF Registration
FIDO App Web FIDO Authenticator App Server 0 Prepare UAF Registration
FIDO App Web FIDO Authenticator App Server 0 Prepare Legacy Auth + 1 Initiate Reg. UAF Registration
FIDO App Web FIDO Authenticator App Server 0 Prepare Legacy Auth + 1 Initiate Reg. UAF Registration
FIDO App Web FIDO Authenticator App Server 0 Prepare Legacy Auth + 1 Initiate Reg. Reg. Request + Policy 2
UAF Registration
Pat Johnson [email protected] FIDO App Web FIDO Authenticator App Server 0 Link your fingerprint Prepare Legacy Auth + 1 Initiate Reg. Reg. Request + Policy 2
UAF Registration
Pat Johnson [email protected] FIDO App Web FIDO Authenticator App Server 0 Link your fingerprint Prepare Legacy Auth + 1 Initiate Reg. Reg. Request + Policy 2
UAF Registration
Pat Johnson [email protected] FIDO App Web FIDO Authenticator App Server 0 Link your fingerprint Prepare Legacy Auth + 1 Initiate Reg. Reg. Request + Policy 2
3 Verify User & Generate New Key Pair (specific to RP Webapp) UAF Registration
Pat Johnson [email protected] FIDO App Web FIDO Authenticator App Server 0 Link your fingerprint Prepare Legacy Auth + 1 Initiate Reg. Reg. Request + Policy 2 Reg. 4 Response
3 Verify User & Generate New Key Pair (specific to RP Webapp) UAF Registration
Pat Johnson [email protected] FIDO App Web FIDO Authenticator App Server 0 Prepare KeyLink Registration your fingerprint Data: Legacy Auth + • Hash(FinalChallenge) 1 • AAID Initiate Reg. • Public key Reg. Request • KeyID + Policy 2 • Registration Counter Reg. 4 • Signature Counter Response • Signature (attestation key)
FinalChallenge=Hash(AppID | FacetID | tlsData | challenge) 3 Verify User & Generate New Key Pair (specific to RP Webapp) UAF Registration
Pat Johnson [email protected] FIDO App Web FIDO Authenticator App Server 0 Prepare Legacy Auth + 1 Initiate Reg. Reg. Request + Policy 2 Reg. 4 Response Success 5
3 Verify User & Generate New Key Pair (specific to RP Webapp) FIDO Building Blocks
FIDO USER DEVICE TLS Server Key RELYING PARTY
BROWSER / APP UAF Protocol WEB SERVER
FIDO CLIENT Cryptographic FIDO SERVER authentication key reference DB
ASM Authentication keys
FIDO AUTHENTICATOR Attestation key
Update Authenticator Metadata & attestation trust store Metadata Service AAID & Attestation
FIDO Authenticator
Using HW based crypto AAID 1 Based on FP Sensor X
Attestation Key 1
FIDO Authenticator
Pure SW based implementation AAID 2 Based on Face Recognition alg. Y
Attestation Key 2
AAID: Authenticator Attestation ID (=model name) Privacy & Attestation
FIDO SERVER RP1
Model A
Bob’s FIDO Authenticator
Using HW based crypto Serial # Model A Based on FP Sensor X FIDO SERVER RP2
Model A Attestation & Metadata
FIDO AUTHENTICATOR FIDO SERVER Signed Attestation Object
Verify using trust anchor included in Metadata
Understand Authenticator security characteristic by looking into Metadata (and potentially other sources) Metadata Facet ID / AppID UAF Authentication
FIDO App Web FIDO Authenticator App Server 0 Prepare UAF Authentication
FIDO App Web FIDO Authenticator App Server 0 Prepare UAF Authentication
FIDO App Web FIDO Authenticator App Server 0 Prepare UAF Authentication
FIDO App Web FIDO Authenticator App Server 0 Prepare UAF Authentication
FIDO App Web FIDO Authenticator App Server 0 Prepare Initiate 1 Authentication UAF Authentication
FIDO App Web FIDO Authenticator App Server 0 Prepare Initiate 1 Authentication Auth. Request with Challenge 2
UAF Authentication
FIDO App Web FIDO Authenticator App Server 0 Prepare Initiate 1 Authentication Auth. Request with Challenge 2 Just a sec – our secure payment technology is working its magic. UAF Authentication
FIDO App Web FIDO Pat Johnson Authenticator App Server [email protected] 0 Prepare Initiate 1 Authentication Auth. Request with Challenge 2
3 Verify User & Sign Challenge (Key specific to RP Webapp) UAF Authentication
FIDO App Web FIDO Authenticator App Server 0 Prepare Initiate 1 Authentication Auth. Request with Challenge 2 Pat Johnson 650 Castro Street Auth. Mountain View, CA 94041 4 United States Response
3 Verify User & Sign Challenge (Key specific to RP Webapp) UAF Authentication
FIDO App Web FIDO Authenticator App Server 0 Prepare Initiate SignedData: 1 • SignatureAlg Authentication • Hash(FinalChallenge) Auth. Request • Authenticator random with Challenge 2 Pat Johnson 650• CastroSignature Street Counter Auth. Mountain View, CA 94041 4 United• StatesSignature Response
FinalChallenge=Hash(AppID | FacetID | tlsData | challenge) 3 Verify User & Sign Challenge (Key specific to RP Webapp) UAF Authentication
Pat Johnson [email protected] FIDO App Web FIDO Authenticator App Server 0 Prepare Initiate 1 Authentication Auth. Request Payment complete! 2 with Challenge Return to the merchant’s web site to Auth. continue shopping 4 Response Return to the merchant Success 5
3 Verify User & Sign Challenge (Key specific to RP Webapp) Transaction Confirmation Device Relying Party
FIDO Browser Web FIDO Authenticator or Native App Server App 1 Initiate Transaction
Authentication Request + Transaction Text 2
Authentication Response 4 + Text Hash, signed by User’s private key 5
3 Validate Display Text, Verify Response & User & Unlock Text Hash Private Key using User’s Public (specific to User + RP Webapp) Key
Transaction Confirmation Device Relying Party
FIDO Browser Web FIDO Authenticator or Native App Server App 1 Initiate Transaction
SignedData: • SignatureAlg Authentication Request 2 • Hash(FinalChallenge) + Transaction Text • Authenticator random • Signature Counter Authentication Response • Hash(Transaction4 Text) • Signature + Text Hash, signed by User’s private key 5 FinalChallenge=Hash(AppID | FacetID Validate 3 | tlsData | challenge) Display Text, Verify Response & User & Unlock Text Hash Private Key using User’s Public (specific to User + RP Webapp) Key
The FIDO Authenticator Concept
Injected at manufacturing, doesn’t change
FIDO Authenticator
User Verification / Attestation Key Presence
Transaction Confirmation Authentication Key(s) Display
Optional Generated at Components runtime (on Registration) Using Secure Hardware
FIDO Authenticator in SIM Card
SIM Card User Verification (PIN) Attestation Key
Authentication Key(s) Client Side Biometrics
Trusted Execution Environment (TEE)
FIDO Authenticator as Trusted Application (TA)
User Verification / Presence Attestation Key
Store at Enrollment
Authentication Key(s)
Compare at Authentication Unlock after comparison Combining TEE and SE
Trusted Execution Environment (TEE)
FIDO Authenticator as Trusted Application (TA)
User Secure Element Verification / Attestation Key Presence e.g. GlobalPlatform Trusted UI Transaction Confirmation Authentication Key(s) Display UAF Specifications FIDO & Federation Source: Paul Madsen, FIDO Seminar, May 2014 Source: Paul Madsen, FIDO Seminar, May 2014 Complementary
• FIDO • Federation o Insulates o Insulates applications authentication server from identity providers from specific authenticators o Does not address o Focused solely on primary authentication primary authentication o Does enable secondary o Does not support authentication & attribute sharing attribute sharing o Can communicate o Can communicate details of authentication details of from IdP to SP authentication to server
Source: Paul Madsen, FIDO Seminar, May 2014 FIDO & Federation
First Mile Second Mile
FIDO USER DEVICE IdP Service Provider
BROWSER / APP UAF Protocol FEDERATION SERVER Federation
FIDO CLIENT
Id DB
FIDO AUTHENTICATOR FIDO SERVER
Knows details about the Knows details about the Identity and its verification Authentication strength strength. FIDO & Federation High
SSO slide Assurance
federatio n No more ‘Password123‘ bump status quo Low
High Frequency of login Low Source: Paul Madsen, FIDO Seminar, May 2014 FIDO & Federation High
FIDO Continuum Assurance
federatio n
status quo Low
High Frequency of login Low Source: Paul Madsen, FIDO Seminar, May 2014 FIDO & Federation High
FIDO + FIDO federatio n Assurance
federatio n
status quo Low
High Frequency of login Low Source: Paul Madsen, FIDO Seminar, May 2014 FIDO at Industry Event – Readiness
SIM as Secure Element
Fingerprint, TEE, Mobile
Speaker Recognition
Mobile via NFC
PIN + MicroSD
USB FIDO ReadyTM Products Shipping today
OEM Enabled: Samsung Galaxy S5 smartphone & Galaxy Tab S OEM Enabled: Lenovo ThinkPads with tablets Fingerprint Sensors
Clients available for these operating systems:
Software Authenticator Examples: Aftermarket Hardware Authenticator Examples: Speaker/Face recognition, PIN, QR Code, etc. USB fingerprint scanner, MicroSD Secure Element FIDO is used Today Conclusion • Different authentication use-cases lead to different authentication requirements • Today, we have authentication silos • FIDO separates user verification from authentication protocol and hence supports all user verification methods • FIDO supports scalable security and convenience • User verification data is known to Authenticator only • FIDO complements federation è Consider developing or piloting FIDO-based authentication solutions
Dr. Rolf Lindemann, Nok Nok Labs, [email protected]