U2F & UAF Tutorial
Total Page:16
File Type:pdf, Size:1020Kb
U2F & UAF Tutorial How Secure is Authentication? 2014 1.2bn? 2013 397m Dec. 2013 145m Oct. 2013 130m May 2013 22m April 2013 50m March 2013 50m Cloud Authentication Password Issues 1 2 Password might be Password could be stolen entered into untrusted from the server App / Web-site (“phishing”) 4 Inconvenient to type password on phone 3 Too many passwords to remember à re-use / cart abandonment OTP Issues 1 OTP vulnerable to real- time MITM and MITB attacks 4 Inconvenient to type OTP on phone 3 OTP HW tokens are expensive and people 2 don’t want another device SMS security questionable, especially when Device is the phone Implementation Challenge A Plumbing Problem User Verification Methods Applications Organizations Silo 1 Silo 2 App 1 Silo 3 App 2 Silo N ? ? New App Authentication Needs Do you want to login? Do you want to transfer $100 to Frank? Do you want to ship to a new address? Do you want to delete all of your emails? Do you want to share your dental record? Authentication today: Ask user for a password (and perhaps a one time code) Authentication & Risk Engines Purpose Geolocation … (from IP addr.) Explicit Authentication Authentication Risk Engine Server Summary 1. Passwords are insecure and inconvenient especially on mobile devices 2. Alternative authentication methods are silos and hence don‘t scale to large scale user populations 3. The required security level of the authentication depends on the use 4. Risk engines need information about the explicit authentication security for good decision How does FIDO work? Device FIDO Experiences ONLINE AUTH REQUEST Local USER Verification SUCCESS PASSWORDLESS EXPERIENCE (UAF standards) Transaction Detail Show a biometric or PIN Done SECOND FACTOR EXPERIENCE (U2F standards) Login & Password Insert Dongle, Press button Done FIDO Universal 2nd Factor (U2F) How does FIDO U2F work? Verify user … presence How does FIDO U2F work? Is a user Same Authenticator present? as registered before? Can verify user presence How does FIDO UAF work? Identity binding to be done outside FIDO: This this “John Doe with customer ID X”. Same Authenticator Same User as as registered before? enrolled before? Can recognize the user (i.e. user verification), but doesn’t have an identity proof of the user. How does FIDO U2F work? How is the key protected? Verify user … presence U2F Protocol • Core idea: Standard public key cryptography: o User's device mints new key pair, gives public key to server o Server asks user's device to sign data to verify the user. o One device, many services, "bring your own device" enabled • Lots of refinement for this to be consumer facing: o Privacy: Site specific keys, No unique ID per device o Security: No phishing, man-in-the-middles o Trust: Verify who made the device o Pragmatics: Affordable today, ride hardware cost curve down o Speed for user: Fast crypto in device (Elliptic Curve) Think "Smartcard re-designed for modern consumer web" U2F Registration FIDO Client / Relying U2F Authenticator Browser Party AppID, challenge check AppID a a; challenge, origin, channel id, etc. generate: key k pub fc key kpriv handle h kpub, h, attestation cert, signature(a,fc,kpub,h) s fc, kpub, h, attestation cert, s cookie store: key kpub handle h U2F Authentication FIDO Client / Relying U2F Authenticator Browser Party handle, AppID, challenge check AppID h a h, a; challenge, origin, channel id, etc. retrieve retrieve: key kpub key kpriv fc from from handle h handle h; cntr++ cntr, signature(a,fc,cntr) s cntr, fc, s check signature using key kpub set cookie User Presence API: Registration {"typ":"register", "challenge":"KSDJsdASAS-AIS_AsS", "cid_pubkey": { "kty":"EC", "crv":"P-256", "x":"HzQwlfXX7Q4S5MtCRMzPO9tOyWjBqRl4tJ8", "y":"XVguGFLIZx1fXg375hi4-7-BxhMljw42Ht4" navigator.handleRegistrationRequest }, ({ "origin":"https://accounts.google.com" } ‘challenge’: ‘KSDJsdASAS-AIS_AsS’, ‘app_id’: ‘https://www.google.com/facets.json’}, callback); callback = function(response) { sendToServer( response[‘clientData’], response[‘tokenData’]); }; User Presence API: Auth. { "typ":"authenticate", "challenge":"KSDJsdASAS-AIS_AsS", "cid_pubkey": { "kty":"EC", "crv":"P-256", navigator.handleAuthenticationRequest "x":"HzQwlfXX7Q4S5MtCRMzPO9tOyWjBqRl4tJ8", ({ "y":"XVguGFLIZx1fXg375hi4-7-BxhMljw42Ht4" ‘challenge’: ‘KSDJsdASAS-AIS_AsS’, }, " origin‘app_id":"https://accounts.google.com" ’: ‘https://www.google.com/facets.json’, } ‘key_handle’: ‘JkjhdsfkjSDFKJ_ld-sadsAJDKLSAD’}, callback); callback = function(response) { sendToServer( response[‘clientData’], response[‘tokenData’]); }; Authentication Example Authentication Example Authentication Example Authentication Example FIDO Universal Authentication Framework (UAF) FIDO Experiences ONLINE AUTH REQUEST Local USER Verification SUCCESS PASSWORDLESS EXPERIENCE (UAF standards) Transaction Detail Show a biometric or PIN Done SECOND FACTOR EXPERIENCE (U2F standards) Login & Password Insert Dongle, Press button Done How does FIDO UAF work? … … SE How does FIDO UAF work? Same Authenticator Same User as as registered before? enrolled before? Can recognize the user (i.e. user verification), but doesn’t have an identity proof of the user. How does FIDO UAF work? Identity binding to be done outside FIDO: This this “John Doe with customer ID X”. Same Authenticator Same User as as registered before? enrolled before? Can recognize the user (i.e. user verification), but doesn’t have an identity proof of the user. How does FIDO UAF work? How is the key protected (TPM, SE, TEE, …)? What user verification method is used? … … SE Attestation & Metadata FIDO AUTHENTICATOR FIDO SERVER Signed Attestation Object Verify using trust anchor included in Metadata Understand Authenticator security characteristic by looking into Metadata (and potentially other sources) Metadata UAF Registration Device Relying Party FIDO App Web FIDO Authenticator App Server 0 Prepare UAF Registration FIDO App Web FIDO Authenticator App Server 0 Prepare UAF Registration FIDO App Web FIDO Authenticator App Server 0 Prepare UAF Registration FIDO App Web FIDO Authenticator App Server 0 Prepare Legacy Auth + 1 Initiate Reg. UAF Registration FIDO App Web FIDO Authenticator App Server 0 Prepare Legacy Auth + 1 Initiate Reg. UAF Registration FIDO App Web FIDO Authenticator App Server 0 Prepare Legacy Auth + 1 Initiate Reg. Reg. Request + Policy 2 UAF Registration Pat Johnson [email protected] FIDO App Web FIDO Authenticator App Server 0 Link your fingerprint Prepare Legacy Auth + 1 Initiate Reg. Reg. Request + Policy 2 UAF Registration Pat Johnson [email protected] FIDO App Web FIDO Authenticator App Server 0 Link your fingerprint Prepare Legacy Auth + 1 Initiate Reg. Reg. Request + Policy 2 UAF Registration Pat Johnson [email protected] FIDO App Web FIDO Authenticator App Server 0 Link your fingerprint Prepare Legacy Auth + 1 Initiate Reg. Reg. Request + Policy 2 3 Verify User & Generate New Key Pair (specific to RP Webapp) UAF Registration Pat Johnson [email protected] FIDO App Web FIDO Authenticator App Server 0 Link your fingerprint Prepare Legacy Auth + 1 Initiate Reg. Reg. Request + Policy 2 Reg. 4 Response 3 Verify User & Generate New Key Pair (specific to RP Webapp) UAF Registration Pat Johnson [email protected] FIDO App Web FIDO Authenticator App Server 0 Prepare KeyLink Registration your fingerprint Data: Legacy Auth + • Hash(FinalChallenge) 1 • AAID Initiate Reg. • Public key Reg. Request • KeyID + Policy 2 • Registration Counter Reg. 4 • Signature Counter Response • Signature (attestation key) FinalChallenge=Hash(AppID | FacetID | tlsData | challenge) 3 Verify User & Generate New Key Pair (specific to RP Webapp) UAF Registration Pat Johnson [email protected] FIDO App Web FIDO Authenticator App Server 0 Prepare Legacy Auth + 1 Initiate Reg. Reg. Request + Policy 2 Reg. 4 Response Success 5 3 Verify User & Generate New Key Pair (specific to RP Webapp) FIDO Building Blocks FIDO USER DEVICE TLS Server Key RELYING PARTY BROWSER / APP UAF Protocol WEB SERVER FIDO CLIENT Cryptographic FIDO SERVER authentication key reference DB ASM Authentication keys FIDO AUTHENTICATOR Attestation key Update Authenticator Metadata & attestation trust store Metadata Service AAID & Attestation FIDO Authenticator Using HW based crypto AAID 1 Based on FP Sensor X Attestation Key 1 FIDO Authenticator Pure SW based implementation AAID 2 Based on Face Recognition alg. Y Attestation Key 2 AAID: Authenticator Attestation ID (=model name) Privacy & Attestation FIDO SERVER RP1 Model A Bob’s FIDO Authenticator Using HW based crypto Serial # Model A Based on FP Sensor X FIDO SERVER RP2 Model A Attestation & Metadata FIDO AUTHENTICATOR FIDO SERVER Signed Attestation Object Verify using trust anchor included in Metadata Understand Authenticator security characteristic by looking into Metadata (and potentially other sources) Metadata Facet ID / AppID UAF Authentication FIDO App Web FIDO Authenticator App Server 0 Prepare UAF Authentication FIDO App Web FIDO Authenticator App Server 0 Prepare UAF Authentication FIDO App Web FIDO Authenticator App Server 0 Prepare UAF Authentication FIDO App Web FIDO Authenticator App Server 0 Prepare UAF Authentication FIDO App Web FIDO Authenticator App Server 0 Prepare Initiate 1 Authentication UAF Authentication FIDO App Web FIDO Authenticator App Server 0 Prepare Initiate 1 Authentication Auth. Request with Challenge 2 UAF Authentication FIDO App Web FIDO Authenticator App Server 0 Prepare Initiate 1 Authentication Auth. Request with Challenge 2 Just a sec – our secure payment technology is working its